diff options
| author | Richard Mudgett <rmudgett@digium.com> | 2013-09-10 18:05:47 +0000 |
|---|---|---|
| committer | Richard Mudgett <rmudgett@digium.com> | 2013-09-10 18:05:47 +0000 |
| commit | 83bf017db9804c9274608ded72d70a72c086d756 (patch) | |
| tree | a2f9a38495c75235101c86a3572529098fc5800f | |
| parent | 87cf916cdbcf16d244bd71d91ec5b849cc186923 (diff) | |
Fix incorrect usages of ast_realloc().
There are several locations in the code base where this is done:
buf = ast_realloc(buf, new_size);
This is going to leak the original buf contents if the realloc fails.
Review: https://reviewboard.asterisk.org/r/2832/
........
Merged revisions 398757 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 398758 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 398759 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@398760 65c4cc65-6c06-0410-ace0-fbb531ad65f3
| -rw-r--r-- | funcs/func_dialgroup.c | 8 | ||||
| -rw-r--r-- | main/asterisk.c | 68 | ||||
| -rw-r--r-- | main/cli.c | 33 | ||||
| -rw-r--r-- | main/event.c | 6 | ||||
| -rw-r--r-- | main/heap.c | 13 | ||||
| -rw-r--r-- | main/indications.c | 7 | ||||
| -rw-r--r-- | main/xmldoc.c | 13 | ||||
| -rw-r--r-- | res/res_musiconhold.c | 16 | ||||
| -rw-r--r-- | res/res_pjsip/pjsip_configuration.c | 19 |
9 files changed, 127 insertions, 56 deletions
diff --git a/funcs/func_dialgroup.c b/funcs/func_dialgroup.c index 0e078cd80..37aba6afb 100644 --- a/funcs/func_dialgroup.c +++ b/funcs/func_dialgroup.c @@ -174,11 +174,17 @@ static int dialgroup_refreshdb(struct ast_channel *chan, const char *cdialgroup) { int len = 500, res = 0; char *buf = NULL; + char *new_buf; char *dialgroup = ast_strdupa(cdialgroup); do { len *= 2; - buf = ast_realloc(buf, len); + new_buf = ast_realloc(buf, len); + if (!new_buf) { + ast_free(buf); + return -1; + } + buf = new_buf; if ((res = dialgroup_read(chan, "", dialgroup, buf, len)) < 0) { ast_free(buf); diff --git a/main/asterisk.c b/main/asterisk.c index 3b08d76c5..9d051c847 100644 --- a/main/asterisk.c +++ b/main/asterisk.c @@ -2777,45 +2777,62 @@ static char *cli_prompt(EditLine *editline) return ast_str_buffer(prompt); } +static void destroy_match_list(char **match_list, int matches) +{ + if (match_list) { + int idx; + + for (idx = 0; idx < matches; ++idx) { + ast_free(match_list[idx]); + } + ast_free(match_list); + } +} + static char **ast_el_strtoarr(char *buf) { - char **match_list = NULL, **match_list_tmp, *retstr; - size_t match_list_len; + char *retstr; + char **match_list = NULL; + char **new_list; + size_t match_list_len = 1; int matches = 0; - match_list_len = 1; - while ( (retstr = strsep(&buf, " ")) != NULL) { - - if (!strcmp(retstr, AST_CLI_COMPLETE_EOF)) + while ((retstr = strsep(&buf, " "))) { + if (!strcmp(retstr, AST_CLI_COMPLETE_EOF)) { break; + } if (matches + 1 >= match_list_len) { match_list_len <<= 1; - if ((match_list_tmp = ast_realloc(match_list, match_list_len * sizeof(char *)))) { - match_list = match_list_tmp; - } else { - if (match_list) - ast_free(match_list); - return (char **) NULL; + new_list = ast_realloc(match_list, match_list_len * sizeof(char *)); + if (!new_list) { + destroy_match_list(match_list, matches); + return NULL; } + match_list = new_list; } - match_list[matches++] = ast_strdup(retstr); + retstr = ast_strdup(retstr); + if (!retstr) { + destroy_match_list(match_list, matches); + return NULL; + } + match_list[matches++] = retstr; } - if (!match_list) - return (char **) NULL; + if (!match_list) { + return NULL; + } if (matches >= match_list_len) { - if ((match_list_tmp = ast_realloc(match_list, (match_list_len + 1) * sizeof(char *)))) { - match_list = match_list_tmp; - } else { - if (match_list) - ast_free(match_list); - return (char **) NULL; + new_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(char *)); + if (!new_list) { + destroy_match_list(match_list, matches); + return NULL; } + match_list = new_list; } - match_list[matches] = (char *) NULL; + match_list[matches] = NULL; return match_list; } @@ -2916,7 +2933,9 @@ static char *cli_complete(EditLine *editline, int ch) if (nummatches > 0) { char *mbuf; + char *new_mbuf; int mlen = 0, maxmbuf = 2048; + /* Start with a 2048 byte buffer */ if (!(mbuf = ast_malloc(maxmbuf))) { *((char *) lf->cursor) = savechr; @@ -2930,10 +2949,13 @@ static char *cli_complete(EditLine *editline, int ch) if (mlen + 1024 > maxmbuf) { /* Every step increment buffer 1024 bytes */ maxmbuf += 1024; - if (!(mbuf = ast_realloc(mbuf, maxmbuf))) { + new_mbuf = ast_realloc(mbuf, maxmbuf); + if (!new_mbuf) { + ast_free(mbuf); *((char *) lf->cursor) = savechr; return (char *)(CC_ERROR); } + mbuf = new_mbuf; } /* Only read 1024 bytes at a time */ res = read(ast_consock, mbuf + mlen, 1024); diff --git a/main/cli.c b/main/cli.c index 54efd6f4c..9d9fda4f1 100644 --- a/main/cli.c +++ b/main/cli.c @@ -2363,9 +2363,22 @@ int ast_cli_generatornummatches(const char *text, const char *word) return matches; } +static void destroy_match_list(char **match_list, int matches) +{ + if (match_list) { + int idx; + + for (idx = 1; idx < matches; ++idx) { + ast_free(match_list[idx]); + } + ast_free(match_list); + } +} + char **ast_cli_completion_matches(const char *text, const char *word) { char **match_list = NULL, *retstr, *prevstr; + char **new_list; size_t match_list_len, max_equal, which, i; int matches = 0; @@ -2374,14 +2387,19 @@ char **ast_cli_completion_matches(const char *text, const char *word) while ((retstr = ast_cli_generator(text, word, matches)) != NULL) { if (matches + 1 >= match_list_len) { match_list_len <<= 1; - if (!(match_list = ast_realloc(match_list, match_list_len * sizeof(*match_list)))) + new_list = ast_realloc(match_list, match_list_len * sizeof(*match_list)); + if (!new_list) { + destroy_match_list(match_list, matches); return NULL; + } + match_list = new_list; } match_list[++matches] = retstr; } - if (!match_list) + if (!match_list) { return match_list; /* NULL */ + } /* Find the longest substring that is common to all results * (it is a candidate for completion), and store a copy in entry 0. @@ -2394,20 +2412,23 @@ char **ast_cli_completion_matches(const char *text, const char *word) max_equal = i; } - if (!(retstr = ast_malloc(max_equal + 1))) { - ast_free(match_list); + retstr = ast_malloc(max_equal + 1); + if (!retstr) { + destroy_match_list(match_list, matches); return NULL; } - ast_copy_string(retstr, match_list[1], max_equal + 1); match_list[0] = retstr; /* ensure that the array is NULL terminated */ if (matches + 1 >= match_list_len) { - if (!(match_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(*match_list)))) { + new_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(*match_list)); + if (!new_list) { ast_free(retstr); + destroy_match_list(match_list, matches); return NULL; } + match_list = new_list; } match_list[matches + 1] = NULL; diff --git a/main/event.c b/main/event.c index 0f0406f55..d183e585e 100644 --- a/main/event.c +++ b/main/event.c @@ -311,13 +311,17 @@ static int event_append_ie_raw(struct ast_event **event, enum ast_event_ie_type const void *data, size_t data_len) { struct ast_event_ie *ie; + struct ast_event *old_event; unsigned int extra_len; uint16_t event_len; event_len = ntohs((*event)->event_len); extra_len = sizeof(*ie) + data_len; - if (!(*event = ast_realloc(*event, event_len + extra_len))) { + old_event = *event; + *event = ast_realloc(*event, event_len + extra_len); + if (!*event) { + ast_free(old_event); return -1; } diff --git a/main/heap.c b/main/heap.c index b2c0d3835..c04f7a010 100644 --- a/main/heap.c +++ b/main/heap.c @@ -181,18 +181,19 @@ static int grow_heap(struct ast_heap *h #endif ) { - h->avail_len = h->avail_len * 2 + 1; + void **new_heap; + size_t new_len = h->avail_len * 2 + 1; - if (!(h->heap = #ifdef MALLOC_DEBUG - __ast_realloc(h->heap, h->avail_len * sizeof(void *), file, lineno, func) + new_heap = __ast_realloc(h->heap, new_len * sizeof(void *), file, lineno, func); #else - ast_realloc(h->heap, h->avail_len * sizeof(void *)) + new_heap = ast_realloc(h->heap, new_len * sizeof(void *)); #endif - )) { - h->cur_len = h->avail_len = 0; + if (!new_heap) { return -1; } + h->heap = new_heap; + h->avail_len = new_len; return 0; } diff --git a/main/indications.c b/main/indications.c index 8d644e53e..2f2bdce62 100644 --- a/main/indications.c +++ b/main/indications.c @@ -341,12 +341,12 @@ int ast_playtones_start(struct ast_channel *chan, int vol, const char *playlst, } while ((s = strsep(&stringp, separator)) && !ast_strlen_zero(s)) { + struct playtones_item *new_items; struct ast_tone_zone_part tone_data = { .time = 0, }; s = ast_strip(s); - if (s[0]=='!') { s++; } else if (d.reppos == -1) { @@ -374,9 +374,12 @@ int ast_playtones_start(struct ast_channel *chan, int vol, const char *playlst, } } - if (!(d.items = ast_realloc(d.items, (d.nitems + 1) * sizeof(*d.items)))) { + new_items = ast_realloc(d.items, (d.nitems + 1) * sizeof(*d.items)); + if (!new_items) { + ast_free(d.items); return -1; } + d.items = new_items; d.items[d.nitems].fac1 = 2.0 * cos(2.0 * M_PI * (tone_data.freq1 / sample_rate)) * max_sample_val; d.items[d.nitems].init_v2_1 = sin(-4.0 * M_PI * (tone_data.freq1 / sample_rate)) * d.vol; diff --git a/main/xmldoc.c b/main/xmldoc.c index 7ca66e12b..80e7830ae 100644 --- a/main/xmldoc.c +++ b/main/xmldoc.c @@ -607,8 +607,11 @@ static struct ast_xml_node *xmldoc_get_node(const char *type, const char *name, */ static void __attribute__((format(printf, 4, 5))) xmldoc_reverse_helper(int reverse, int *len, char **syntax, const char *fmt, ...) { - int totlen, tmpfmtlen; - char *tmpfmt, tmp; + int totlen; + int tmpfmtlen; + char *tmpfmt; + char *new_syntax; + char tmp; va_list ap; va_start(ap, fmt); @@ -621,12 +624,12 @@ static void __attribute__((format(printf, 4, 5))) xmldoc_reverse_helper(int reve tmpfmtlen = strlen(tmpfmt); totlen = *len + tmpfmtlen + 1; - *syntax = ast_realloc(*syntax, totlen); - - if (!*syntax) { + new_syntax = ast_realloc(*syntax, totlen); + if (!new_syntax) { ast_free(tmpfmt); return; } + *syntax = new_syntax; if (reverse) { memmove(*syntax + tmpfmtlen, *syntax, *len); diff --git a/res/res_musiconhold.c b/res/res_musiconhold.c index 70c985eb9..086139ab8 100644 --- a/res/res_musiconhold.c +++ b/res/res_musiconhold.c @@ -1055,20 +1055,26 @@ static struct ast_generator mohgen = { static int moh_add_file(struct mohclass *class, const char *filepath) { if (!class->allowed_files) { - if (!(class->filearray = ast_calloc(1, INITIAL_NUM_FILES * sizeof(*class->filearray)))) + class->filearray = ast_calloc(1, INITIAL_NUM_FILES * sizeof(*class->filearray)); + if (!class->filearray) { return -1; + } class->allowed_files = INITIAL_NUM_FILES; } else if (class->total_files == class->allowed_files) { - if (!(class->filearray = ast_realloc(class->filearray, class->allowed_files * sizeof(*class->filearray) * 2))) { - class->allowed_files = 0; - class->total_files = 0; + char **new_array; + + new_array = ast_realloc(class->filearray, class->allowed_files * sizeof(*class->filearray) * 2); + if (!new_array) { return -1; } + class->filearray = new_array; class->allowed_files *= 2; } - if (!(class->filearray[class->total_files] = ast_strdup(filepath))) + class->filearray[class->total_files] = ast_strdup(filepath); + if (!class->filearray[class->total_files]) { return -1; + } class->total_files++; diff --git a/res/res_pjsip/pjsip_configuration.c b/res/res_pjsip/pjsip_configuration.c index eb34675af..14b122c22 100644 --- a/res/res_pjsip/pjsip_configuration.c +++ b/res/res_pjsip/pjsip_configuration.c @@ -290,6 +290,7 @@ void ast_sip_auth_array_destroy(struct ast_sip_auth_array *auths) ast_free((char *) auths->names[i]); } ast_free(auths->names); + auths->names = NULL; auths->num = 0; } @@ -300,22 +301,26 @@ int ast_sip_auth_array_init(struct ast_sip_auth_array *auths, const char *value) char *auth_names = ast_strdupa(value); char *val; int num_alloced = 0; - const char **alloced_auths = NULL; + const char **alloced_auths; + + ast_assert(auths != NULL); + ast_assert(auths->names == NULL); + ast_assert(!auths->num); while ((val = strsep(&auth_names, ","))) { if (auths->num >= num_alloced) { - size_t size; num_alloced += AUTH_INCREMENT; - size = num_alloced * sizeof(char *); - auths->names = ast_realloc(alloced_auths, size); - if (!auths->names) { + alloced_auths = ast_realloc(auths->names, num_alloced * sizeof(char *)); + if (!alloced_auths) { goto failure; } + auths->names = alloced_auths; } - auths->names[auths->num] = ast_strdup(val); - if (!auths->names[auths->num]) { + val = ast_strdup(val); + if (!val) { goto failure; } + auths->names[auths->num] = val; ++auths->num; } return 0; |