diff options
| author | zuul <zuul@gerrit.asterisk.org> | 2016-06-21 07:02:17 -0500 |
|---|---|---|
| committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2016-06-21 07:02:17 -0500 |
| commit | b0e71c6571ec34a1aa115ce0ba26f7e37f487eaa (patch) | |
| tree | 17da34129eade93d7b4bbc76355adecdc4f4df5f /main | |
| parent | 9856b4afe0c4cd3d86aac85409da51fdc33ef3f0 (diff) | |
| parent | 5134a8043a81b5b3d0b70ae3fbf7564f2526469a (diff) | |
Merge "fix: memory leaks, resource leaks, out of bounds and bugs" into 13
Diffstat (limited to 'main')
| -rw-r--r-- | main/ast_expr2.c | 9 | ||||
| -rw-r--r-- | main/ast_expr2.y | 9 | ||||
| -rw-r--r-- | main/say.c | 4 |
3 files changed, 18 insertions, 4 deletions
diff --git a/main/ast_expr2.c b/main/ast_expr2.c index a9e4eff44..781abd95a 100644 --- a/main/ast_expr2.c +++ b/main/ast_expr2.c @@ -3668,13 +3668,20 @@ op_tildetilde (struct val *a, struct val *b) /* strip double quotes from both -- */ strip_quotes(a); strip_quotes(b); - + vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1); + if (vs == NULL) { + ast_log(LOG_WARNING, "malloc() failed\n"); + return NULL; + } + strcpy(vs,a->u.s); strcat(vs,b->u.s); v = make_str(vs); + free(vs); + /* free arguments */ free_value(a); free_value(b); diff --git a/main/ast_expr2.y b/main/ast_expr2.y index 869dfe9ea..913bc2662 100644 --- a/main/ast_expr2.y +++ b/main/ast_expr2.y @@ -1661,13 +1661,20 @@ op_tildetilde (struct val *a, struct val *b) /* strip double quotes from both -- */ strip_quotes(a); strip_quotes(b); - + vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1); + if (vs == NULL) { + ast_log(LOG_WARNING, "malloc() failed\n"); + return NULL; + } + strcpy(vs,a->u.s); strcat(vs,b->u.s); v = make_str(vs); + free(vs); + /* free arguments */ free_value(a); free_value(b); diff --git a/main/say.c b/main/say.c index ef80dfa7d..51dc4e23a 100644 --- a/main/say.c +++ b/main/say.c @@ -7948,9 +7948,9 @@ int ast_say_date_with_format_ja(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < 256) ; sndoffset++) + for (sndoffset = 0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan,ints,sndfile,lang); break; |