diff options
| author | Alexei Gradinari <alex2grad@gmail.com> | 2016-06-16 16:56:19 -0400 |
|---|---|---|
| committer | Alexei Gradinari <alex2grad@gmail.com> | 2016-06-20 13:06:00 -0400 |
| commit | 5134a8043a81b5b3d0b70ae3fbf7564f2526469a (patch) | |
| tree | 23b8a01a91b6e148f00187b1b624e66ea5753b6e /main | |
| parent | 03953d80346b3561305606f8509ab3ea2fa962a1 (diff) | |
fix: memory leaks, resource leaks, out of bounds and bugs
ASTERISK-26119 #close
Change-Id: Iecbf7d0f360a021147344c4e83ab242fd1e7512c
Diffstat (limited to 'main')
| -rw-r--r-- | main/ast_expr2.c | 9 | ||||
| -rw-r--r-- | main/ast_expr2.y | 9 | ||||
| -rw-r--r-- | main/say.c | 4 |
3 files changed, 18 insertions, 4 deletions
diff --git a/main/ast_expr2.c b/main/ast_expr2.c index a9e4eff44..781abd95a 100644 --- a/main/ast_expr2.c +++ b/main/ast_expr2.c @@ -3668,13 +3668,20 @@ op_tildetilde (struct val *a, struct val *b) /* strip double quotes from both -- */ strip_quotes(a); strip_quotes(b); - + vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1); + if (vs == NULL) { + ast_log(LOG_WARNING, "malloc() failed\n"); + return NULL; + } + strcpy(vs,a->u.s); strcat(vs,b->u.s); v = make_str(vs); + free(vs); + /* free arguments */ free_value(a); free_value(b); diff --git a/main/ast_expr2.y b/main/ast_expr2.y index 869dfe9ea..913bc2662 100644 --- a/main/ast_expr2.y +++ b/main/ast_expr2.y @@ -1661,13 +1661,20 @@ op_tildetilde (struct val *a, struct val *b) /* strip double quotes from both -- */ strip_quotes(a); strip_quotes(b); - + vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1); + if (vs == NULL) { + ast_log(LOG_WARNING, "malloc() failed\n"); + return NULL; + } + strcpy(vs,a->u.s); strcat(vs,b->u.s); v = make_str(vs); + free(vs); + /* free arguments */ free_value(a); free_value(b); diff --git a/main/say.c b/main/say.c index ef80dfa7d..51dc4e23a 100644 --- a/main/say.c +++ b/main/say.c @@ -7948,9 +7948,9 @@ int ast_say_date_with_format_ja(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < 256) ; sndoffset++) + for (sndoffset = 0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan,ints,sndfile,lang); break; |