diff options
author | Richard Mudgett <rmudgett@digium.com> | 2013-09-10 18:05:47 +0000 |
---|---|---|
committer | Richard Mudgett <rmudgett@digium.com> | 2013-09-10 18:05:47 +0000 |
commit | 83bf017db9804c9274608ded72d70a72c086d756 (patch) | |
tree | a2f9a38495c75235101c86a3572529098fc5800f /main | |
parent | 87cf916cdbcf16d244bd71d91ec5b849cc186923 (diff) |
Fix incorrect usages of ast_realloc().
There are several locations in the code base where this is done:
buf = ast_realloc(buf, new_size);
This is going to leak the original buf contents if the realloc fails.
Review: https://reviewboard.asterisk.org/r/2832/
........
Merged revisions 398757 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 398758 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 398759 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@398760 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main')
-rw-r--r-- | main/asterisk.c | 68 | ||||
-rw-r--r-- | main/cli.c | 33 | ||||
-rw-r--r-- | main/event.c | 6 | ||||
-rw-r--r-- | main/heap.c | 13 | ||||
-rw-r--r-- | main/indications.c | 7 | ||||
-rw-r--r-- | main/xmldoc.c | 13 |
6 files changed, 97 insertions, 43 deletions
diff --git a/main/asterisk.c b/main/asterisk.c index 3b08d76c5..9d051c847 100644 --- a/main/asterisk.c +++ b/main/asterisk.c @@ -2777,45 +2777,62 @@ static char *cli_prompt(EditLine *editline) return ast_str_buffer(prompt); } +static void destroy_match_list(char **match_list, int matches) +{ + if (match_list) { + int idx; + + for (idx = 0; idx < matches; ++idx) { + ast_free(match_list[idx]); + } + ast_free(match_list); + } +} + static char **ast_el_strtoarr(char *buf) { - char **match_list = NULL, **match_list_tmp, *retstr; - size_t match_list_len; + char *retstr; + char **match_list = NULL; + char **new_list; + size_t match_list_len = 1; int matches = 0; - match_list_len = 1; - while ( (retstr = strsep(&buf, " ")) != NULL) { - - if (!strcmp(retstr, AST_CLI_COMPLETE_EOF)) + while ((retstr = strsep(&buf, " "))) { + if (!strcmp(retstr, AST_CLI_COMPLETE_EOF)) { break; + } if (matches + 1 >= match_list_len) { match_list_len <<= 1; - if ((match_list_tmp = ast_realloc(match_list, match_list_len * sizeof(char *)))) { - match_list = match_list_tmp; - } else { - if (match_list) - ast_free(match_list); - return (char **) NULL; + new_list = ast_realloc(match_list, match_list_len * sizeof(char *)); + if (!new_list) { + destroy_match_list(match_list, matches); + return NULL; } + match_list = new_list; } - match_list[matches++] = ast_strdup(retstr); + retstr = ast_strdup(retstr); + if (!retstr) { + destroy_match_list(match_list, matches); + return NULL; + } + match_list[matches++] = retstr; } - if (!match_list) - return (char **) NULL; + if (!match_list) { + return NULL; + } if (matches >= match_list_len) { - if ((match_list_tmp = ast_realloc(match_list, (match_list_len + 1) * sizeof(char *)))) { - match_list = match_list_tmp; - } else { - if (match_list) - ast_free(match_list); - return (char **) NULL; + new_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(char *)); + if (!new_list) { + destroy_match_list(match_list, matches); + return NULL; } + match_list = new_list; } - match_list[matches] = (char *) NULL; + match_list[matches] = NULL; return match_list; } @@ -2916,7 +2933,9 @@ static char *cli_complete(EditLine *editline, int ch) if (nummatches > 0) { char *mbuf; + char *new_mbuf; int mlen = 0, maxmbuf = 2048; + /* Start with a 2048 byte buffer */ if (!(mbuf = ast_malloc(maxmbuf))) { *((char *) lf->cursor) = savechr; @@ -2930,10 +2949,13 @@ static char *cli_complete(EditLine *editline, int ch) if (mlen + 1024 > maxmbuf) { /* Every step increment buffer 1024 bytes */ maxmbuf += 1024; - if (!(mbuf = ast_realloc(mbuf, maxmbuf))) { + new_mbuf = ast_realloc(mbuf, maxmbuf); + if (!new_mbuf) { + ast_free(mbuf); *((char *) lf->cursor) = savechr; return (char *)(CC_ERROR); } + mbuf = new_mbuf; } /* Only read 1024 bytes at a time */ res = read(ast_consock, mbuf + mlen, 1024); diff --git a/main/cli.c b/main/cli.c index 54efd6f4c..9d9fda4f1 100644 --- a/main/cli.c +++ b/main/cli.c @@ -2363,9 +2363,22 @@ int ast_cli_generatornummatches(const char *text, const char *word) return matches; } +static void destroy_match_list(char **match_list, int matches) +{ + if (match_list) { + int idx; + + for (idx = 1; idx < matches; ++idx) { + ast_free(match_list[idx]); + } + ast_free(match_list); + } +} + char **ast_cli_completion_matches(const char *text, const char *word) { char **match_list = NULL, *retstr, *prevstr; + char **new_list; size_t match_list_len, max_equal, which, i; int matches = 0; @@ -2374,14 +2387,19 @@ char **ast_cli_completion_matches(const char *text, const char *word) while ((retstr = ast_cli_generator(text, word, matches)) != NULL) { if (matches + 1 >= match_list_len) { match_list_len <<= 1; - if (!(match_list = ast_realloc(match_list, match_list_len * sizeof(*match_list)))) + new_list = ast_realloc(match_list, match_list_len * sizeof(*match_list)); + if (!new_list) { + destroy_match_list(match_list, matches); return NULL; + } + match_list = new_list; } match_list[++matches] = retstr; } - if (!match_list) + if (!match_list) { return match_list; /* NULL */ + } /* Find the longest substring that is common to all results * (it is a candidate for completion), and store a copy in entry 0. @@ -2394,20 +2412,23 @@ char **ast_cli_completion_matches(const char *text, const char *word) max_equal = i; } - if (!(retstr = ast_malloc(max_equal + 1))) { - ast_free(match_list); + retstr = ast_malloc(max_equal + 1); + if (!retstr) { + destroy_match_list(match_list, matches); return NULL; } - ast_copy_string(retstr, match_list[1], max_equal + 1); match_list[0] = retstr; /* ensure that the array is NULL terminated */ if (matches + 1 >= match_list_len) { - if (!(match_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(*match_list)))) { + new_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(*match_list)); + if (!new_list) { ast_free(retstr); + destroy_match_list(match_list, matches); return NULL; } + match_list = new_list; } match_list[matches + 1] = NULL; diff --git a/main/event.c b/main/event.c index 0f0406f55..d183e585e 100644 --- a/main/event.c +++ b/main/event.c @@ -311,13 +311,17 @@ static int event_append_ie_raw(struct ast_event **event, enum ast_event_ie_type const void *data, size_t data_len) { struct ast_event_ie *ie; + struct ast_event *old_event; unsigned int extra_len; uint16_t event_len; event_len = ntohs((*event)->event_len); extra_len = sizeof(*ie) + data_len; - if (!(*event = ast_realloc(*event, event_len + extra_len))) { + old_event = *event; + *event = ast_realloc(*event, event_len + extra_len); + if (!*event) { + ast_free(old_event); return -1; } diff --git a/main/heap.c b/main/heap.c index b2c0d3835..c04f7a010 100644 --- a/main/heap.c +++ b/main/heap.c @@ -181,18 +181,19 @@ static int grow_heap(struct ast_heap *h #endif ) { - h->avail_len = h->avail_len * 2 + 1; + void **new_heap; + size_t new_len = h->avail_len * 2 + 1; - if (!(h->heap = #ifdef MALLOC_DEBUG - __ast_realloc(h->heap, h->avail_len * sizeof(void *), file, lineno, func) + new_heap = __ast_realloc(h->heap, new_len * sizeof(void *), file, lineno, func); #else - ast_realloc(h->heap, h->avail_len * sizeof(void *)) + new_heap = ast_realloc(h->heap, new_len * sizeof(void *)); #endif - )) { - h->cur_len = h->avail_len = 0; + if (!new_heap) { return -1; } + h->heap = new_heap; + h->avail_len = new_len; return 0; } diff --git a/main/indications.c b/main/indications.c index 8d644e53e..2f2bdce62 100644 --- a/main/indications.c +++ b/main/indications.c @@ -341,12 +341,12 @@ int ast_playtones_start(struct ast_channel *chan, int vol, const char *playlst, } while ((s = strsep(&stringp, separator)) && !ast_strlen_zero(s)) { + struct playtones_item *new_items; struct ast_tone_zone_part tone_data = { .time = 0, }; s = ast_strip(s); - if (s[0]=='!') { s++; } else if (d.reppos == -1) { @@ -374,9 +374,12 @@ int ast_playtones_start(struct ast_channel *chan, int vol, const char *playlst, } } - if (!(d.items = ast_realloc(d.items, (d.nitems + 1) * sizeof(*d.items)))) { + new_items = ast_realloc(d.items, (d.nitems + 1) * sizeof(*d.items)); + if (!new_items) { + ast_free(d.items); return -1; } + d.items = new_items; d.items[d.nitems].fac1 = 2.0 * cos(2.0 * M_PI * (tone_data.freq1 / sample_rate)) * max_sample_val; d.items[d.nitems].init_v2_1 = sin(-4.0 * M_PI * (tone_data.freq1 / sample_rate)) * d.vol; diff --git a/main/xmldoc.c b/main/xmldoc.c index 7ca66e12b..80e7830ae 100644 --- a/main/xmldoc.c +++ b/main/xmldoc.c @@ -607,8 +607,11 @@ static struct ast_xml_node *xmldoc_get_node(const char *type, const char *name, */ static void __attribute__((format(printf, 4, 5))) xmldoc_reverse_helper(int reverse, int *len, char **syntax, const char *fmt, ...) { - int totlen, tmpfmtlen; - char *tmpfmt, tmp; + int totlen; + int tmpfmtlen; + char *tmpfmt; + char *new_syntax; + char tmp; va_list ap; va_start(ap, fmt); @@ -621,12 +624,12 @@ static void __attribute__((format(printf, 4, 5))) xmldoc_reverse_helper(int reve tmpfmtlen = strlen(tmpfmt); totlen = *len + tmpfmtlen + 1; - *syntax = ast_realloc(*syntax, totlen); - - if (!*syntax) { + new_syntax = ast_realloc(*syntax, totlen); + if (!new_syntax) { ast_free(tmpfmt); return; } + *syntax = new_syntax; if (reverse) { memmove(*syntax + tmpfmtlen, *syntax, *len); |