kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-24 22:58:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix incorrect usages of ast_realloc().

Browse Source 
There are several locations in the code base where this is done:
buf = ast_realloc(buf, new_size);

This is going to leak the original buf contents if the realloc fails.

Review: https://reviewboard.asterisk.org/r/2832/
........

Merged revisions 398757 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 398758 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 398759 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@398760 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Richard Mudgett
2013-09-10 18:05:47 +00:00
parent 87cf916cdb
commit 83bf017db9
9 changed files with 130 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
funcs/func_dialgroup.c
View File

@@ -174,11 +174,17 @@ static int dialgroup_refreshdb(struct ast_channel *chan, const char *cdialgroup)
{ {
int len = 500, res = 0; int len = 500, res = 0;
char *buf = NULL; char *buf = NULL;
char *new_buf;
char *dialgroup = ast_strdupa(cdialgroup); char *dialgroup = ast_strdupa(cdialgroup);
do { do {
len *= 2; len *= 2;
buf = ast_realloc(buf, len); new_buf = ast_realloc(buf, len);
if (!new_buf) {
ast_free(buf);
return -1;
}
buf = new_buf;
if ((res = dialgroup_read(chan, "", dialgroup, buf, len)) < 0) { if ((res = dialgroup_read(chan, "", dialgroup, buf, len)) < 0) {
ast_free(buf); ast_free(buf);

68
main/asterisk.c
View File

@@ -2777,45 +2777,62 @@ static char *cli_prompt(EditLine *editline)
return ast_str_buffer(prompt); return ast_str_buffer(prompt);
} }
static void destroy_match_list(char **match_list, int matches)
{
if (match_list) {
int idx;
for (idx = 0; idx < matches; ++idx) {
ast_free(match_list[idx]);
}
ast_free(match_list);
}
}
static char **ast_el_strtoarr(char *buf) static char **ast_el_strtoarr(char *buf)
{ {
char **match_list = NULL, **match_list_tmp, *retstr; char *retstr;
size_t match_list_len; char **match_list = NULL;
char **new_list;
size_t match_list_len = 1;
int matches = 0; int matches = 0;
match_list_len = 1; while ((retstr = strsep(&buf, " "))) {
while ( (retstr = strsep(&buf, " ")) != NULL) { if (!strcmp(retstr, AST_CLI_COMPLETE_EOF)) {
if (!strcmp(retstr, AST_CLI_COMPLETE_EOF))
break; break;
}
if (matches + 1 >= match_list_len) { if (matches + 1 >= match_list_len) {
match_list_len <<= 1; match_list_len <<= 1;
if ((match_list_tmp = ast_realloc(match_list, match_list_len * sizeof(char *)))) { new_list = ast_realloc(match_list, match_list_len * sizeof(char *));
match_list = match_list_tmp; if (!new_list) {
} else { destroy_match_list(match_list, matches);
if (match_list) return NULL;
ast_free(match_list);
return (char **) NULL;
} }
match_list = new_list;
} }
match_list[matches++] = ast_strdup(retstr); retstr = ast_strdup(retstr);
if (!retstr) {
destroy_match_list(match_list, matches);
return NULL;
}
match_list[matches++] = retstr;
} }
if (!match_list) if (!match_list) {
return (char **) NULL; return NULL;
}
if (matches >= match_list_len) { if (matches >= match_list_len) {
if ((match_list_tmp = ast_realloc(match_list, (match_list_len + 1) * sizeof(char *)))) { new_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(char *));
match_list = match_list_tmp; if (!new_list) {
} else { destroy_match_list(match_list, matches);
if (match_list) return NULL;
ast_free(match_list);
return (char **) NULL;
} }
match_list = new_list;
} }
match_list[matches] = (char *) NULL; match_list[matches] = NULL;
return match_list; return match_list;
} }
@@ -2916,7 +2933,9 @@ static char *cli_complete(EditLine *editline, int ch)
if (nummatches > 0) { if (nummatches > 0) {
char *mbuf; char *mbuf;
char *new_mbuf;
int mlen = 0, maxmbuf = 2048; int mlen = 0, maxmbuf = 2048;
/* Start with a 2048 byte buffer */ /* Start with a 2048 byte buffer */
if (!(mbuf = ast_malloc(maxmbuf))) { if (!(mbuf = ast_malloc(maxmbuf))) {
*((char *) lf->cursor) = savechr; *((char *) lf->cursor) = savechr;
@@ -2930,10 +2949,13 @@ static char *cli_complete(EditLine *editline, int ch)
if (mlen + 1024 > maxmbuf) { if (mlen + 1024 > maxmbuf) {
/* Every step increment buffer 1024 bytes */ /* Every step increment buffer 1024 bytes */
maxmbuf += 1024; maxmbuf += 1024;
if (!(mbuf = ast_realloc(mbuf, maxmbuf))) { new_mbuf = ast_realloc(mbuf, maxmbuf);
if (!new_mbuf) {
ast_free(mbuf);
*((char *) lf->cursor) = savechr; *((char *) lf->cursor) = savechr;
return (char *)(CC_ERROR); return (char *)(CC_ERROR);
} }
mbuf = new_mbuf;
} }
/* Only read 1024 bytes at a time */ /* Only read 1024 bytes at a time */
res = read(ast_consock, mbuf + mlen, 1024); res = read(ast_consock, mbuf + mlen, 1024);

33
main/cli.c
View File

@@ -2363,9 +2363,22 @@ int ast_cli_generatornummatches(const char *text, const char *word)
return matches; return matches;
} }
static void destroy_match_list(char **match_list, int matches)
{
if (match_list) {
int idx;
for (idx = 1; idx < matches; ++idx) {
ast_free(match_list[idx]);
}
ast_free(match_list);
}
}
char **ast_cli_completion_matches(const char *text, const char *word) char **ast_cli_completion_matches(const char *text, const char *word)
{ {
char **match_list = NULL, *retstr, *prevstr; char **match_list = NULL, *retstr, *prevstr;
char **new_list;
size_t match_list_len, max_equal, which, i; size_t match_list_len, max_equal, which, i;
int matches = 0; int matches = 0;
@@ -2374,14 +2387,19 @@ char **ast_cli_completion_matches(const char *text, const char *word)
while ((retstr = ast_cli_generator(text, word, matches)) != NULL) { while ((retstr = ast_cli_generator(text, word, matches)) != NULL) {
if (matches + 1 >= match_list_len) { if (matches + 1 >= match_list_len) {
match_list_len <<= 1; match_list_len <<= 1;
if (!(match_list = ast_realloc(match_list, match_list_len * sizeof(*match_list)))) new_list = ast_realloc(match_list, match_list_len * sizeof(*match_list));
if (!new_list) {
destroy_match_list(match_list, matches);
return NULL; return NULL;
}
match_list = new_list;
} }
match_list[++matches] = retstr; match_list[++matches] = retstr;
} }
if (!match_list) if (!match_list) {
return match_list; /* NULL */ return match_list; /* NULL */
}
/* Find the longest substring that is common to all results /* Find the longest substring that is common to all results
* (it is a candidate for completion), and store a copy in entry 0. * (it is a candidate for completion), and store a copy in entry 0.
@@ -2394,20 +2412,23 @@ char **ast_cli_completion_matches(const char *text, const char *word)
max_equal = i; max_equal = i;
} }
if (!(retstr = ast_malloc(max_equal + 1))) { retstr = ast_malloc(max_equal + 1);
ast_free(match_list); if (!retstr) {
destroy_match_list(match_list, matches);
return NULL; return NULL;
} }
ast_copy_string(retstr, match_list[1], max_equal + 1); ast_copy_string(retstr, match_list[1], max_equal + 1);
match_list[0] = retstr; match_list[0] = retstr;
/* ensure that the array is NULL terminated */ /* ensure that the array is NULL terminated */
if (matches + 1 >= match_list_len) { if (matches + 1 >= match_list_len) {
if (!(match_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(*match_list)))) { new_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(*match_list));
if (!new_list) {
ast_free(retstr); ast_free(retstr);
destroy_match_list(match_list, matches);
return NULL; return NULL;
} }
match_list = new_list;
} }
match_list[matches + 1] = NULL; match_list[matches + 1] = NULL;

6
main/event.c
View File

@@ -311,13 +311,17 @@ static int event_append_ie_raw(struct ast_event **event, enum ast_event_ie_type
const void *data, size_t data_len) const void *data, size_t data_len)
{ {
struct ast_event_ie *ie; struct ast_event_ie *ie;
struct ast_event *old_event;
unsigned int extra_len; unsigned int extra_len;
uint16_t event_len; uint16_t event_len;
event_len = ntohs((*event)->event_len); event_len = ntohs((*event)->event_len);
extra_len = sizeof(*ie) + data_len; extra_len = sizeof(*ie) + data_len;
if (!(*event = ast_realloc(*event, event_len + extra_len))) { old_event = *event;
*event = ast_realloc(*event, event_len + extra_len);
if (!*event) {
ast_free(old_event);
return -1; return -1;
} }

13
main/heap.c
View File

@@ -181,18 +181,19 @@ static int grow_heap(struct ast_heap *h
#endif #endif
) )
{ {
h->avail_len = h->avail_len * 2 + 1; void **new_heap;
size_t new_len = h->avail_len * 2 + 1;
if (!(h->heap =
#ifdef MALLOC_DEBUG #ifdef MALLOC_DEBUG
__ast_realloc(h->heap, h->avail_len * sizeof(void *), file, lineno, func) new_heap = __ast_realloc(h->heap, new_len * sizeof(void *), file, lineno, func);
#else #else
ast_realloc(h->heap, h->avail_len * sizeof(void *)) new_heap = ast_realloc(h->heap, new_len * sizeof(void *));
#endif #endif
)) { if (!new_heap) {
h->cur_len = h->avail_len = 0;
return -1; return -1;
} }
h->heap = new_heap;
h->avail_len = new_len;
return 0; return 0;
} }

7
main/indications.c
View File

@@ -341,12 +341,12 @@ int ast_playtones_start(struct ast_channel *chan, int vol, const char *playlst,
} }
while ((s = strsep(&stringp, separator)) && !ast_strlen_zero(s)) { while ((s = strsep(&stringp, separator)) && !ast_strlen_zero(s)) {
struct playtones_item *new_items;
struct ast_tone_zone_part tone_data = { struct ast_tone_zone_part tone_data = {
.time = 0, .time = 0,
}; };
s = ast_strip(s); s = ast_strip(s);
if (s[0]=='!') { if (s[0]=='!') {
s++; s++;
} else if (d.reppos == -1) { } else if (d.reppos == -1) {
@@ -374,9 +374,12 @@ int ast_playtones_start(struct ast_channel *chan, int vol, const char *playlst,
} }
} }
if (!(d.items = ast_realloc(d.items, (d.nitems + 1) * sizeof(*d.items)))) { new_items = ast_realloc(d.items, (d.nitems + 1) * sizeof(*d.items));
if (!new_items) {
ast_free(d.items);
return -1; return -1;
} }
d.items = new_items;
d.items[d.nitems].fac1 = 2.0 * cos(2.0 * M_PI * (tone_data.freq1 / sample_rate)) * max_sample_val; d.items[d.nitems].fac1 = 2.0 * cos(2.0 * M_PI * (tone_data.freq1 / sample_rate)) * max_sample_val;
d.items[d.nitems].init_v2_1 = sin(-4.0 * M_PI * (tone_data.freq1 / sample_rate)) * d.vol; d.items[d.nitems].init_v2_1 = sin(-4.0 * M_PI * (tone_data.freq1 / sample_rate)) * d.vol;

13
main/xmldoc.c
View File

@@ -607,8 +607,11 @@ static struct ast_xml_node *xmldoc_get_node(const char *type, const char *name,
*/ */
static void __attribute__((format(printf, 4, 5))) xmldoc_reverse_helper(int reverse, int *len, char **syntax, const char *fmt, ...) static void __attribute__((format(printf, 4, 5))) xmldoc_reverse_helper(int reverse, int *len, char **syntax, const char *fmt, ...)
{ {
int totlen, tmpfmtlen; int totlen;
char *tmpfmt, tmp; int tmpfmtlen;
char *tmpfmt;
char *new_syntax;
char tmp;
va_list ap; va_list ap;
va_start(ap, fmt); va_start(ap, fmt);
@@ -621,12 +624,12 @@ static void __attribute__((format(printf, 4, 5))) xmldoc_reverse_helper(int reve
tmpfmtlen = strlen(tmpfmt); tmpfmtlen = strlen(tmpfmt);
totlen = *len + tmpfmtlen + 1; totlen = *len + tmpfmtlen + 1;
*syntax = ast_realloc(*syntax, totlen); new_syntax = ast_realloc(*syntax, totlen);
if (!new_syntax) {
if (!*syntax) {
ast_free(tmpfmt); ast_free(tmpfmt);
return; return;
} }
*syntax = new_syntax;
if (reverse) { if (reverse) {
memmove(*syntax + tmpfmtlen, *syntax, *len); memmove(*syntax + tmpfmtlen, *syntax, *len);

22
res/res_musiconhold.c
View File

@@ -1055,20 +1055,26 @@ static struct ast_generator mohgen = {
static int moh_add_file(struct mohclass *class, const char *filepath) static int moh_add_file(struct mohclass *class, const char *filepath)
{ {
if (!class->allowed_files) { if (!class->allowed_files) {
if (!(class->filearray = ast_calloc(1, INITIAL_NUM_FILES * sizeof(*class->filearray)))) class->filearray = ast_calloc(1, INITIAL_NUM_FILES * sizeof(*class->filearray));
return -1; if (!class->filearray) {
class->allowed_files = INITIAL_NUM_FILES;
} else if (class->total_files == class->allowed_files) {
if (!(class->filearray = ast_realloc(class->filearray, class->allowed_files * sizeof(*class->filearray) * 2))) {
class->allowed_files = 0;
class->total_files = 0;
return -1; return -1;
} }
class->allowed_files = INITIAL_NUM_FILES;
} else if (class->total_files == class->allowed_files) {
char **new_array;
new_array = ast_realloc(class->filearray, class->allowed_files * sizeof(*class->filearray) * 2);
if (!new_array) {
return -1;
}
class->filearray = new_array;
class->allowed_files *= 2; class->allowed_files *= 2;
} }
if (!(class->filearray[class->total_files] = ast_strdup(filepath))) class->filearray[class->total_files] = ast_strdup(filepath);
if (!class->filearray[class->total_files]) {
return -1; return -1;
}
class->total_files++; class->total_files++;

19
res/res_pjsip/pjsip_configuration.c
View File

@@ -290,6 +290,7 @@ void ast_sip_auth_array_destroy(struct ast_sip_auth_array *auths)
ast_free((char *) auths->names[i]); ast_free((char *) auths->names[i]);
} }
ast_free(auths->names); ast_free(auths->names);
auths->names = NULL;
auths->num = 0; auths->num = 0;
} }
@@ -300,22 +301,26 @@ int ast_sip_auth_array_init(struct ast_sip_auth_array *auths, const char *value)
char *auth_names = ast_strdupa(value); char *auth_names = ast_strdupa(value);
char *val; char *val;
int num_alloced = 0; int num_alloced = 0;
const char **alloced_auths = NULL; const char **alloced_auths;
ast_assert(auths != NULL);
ast_assert(auths->names == NULL);
ast_assert(!auths->num);
while ((val = strsep(&auth_names, ","))) { while ((val = strsep(&auth_names, ","))) {
if (auths->num >= num_alloced) { if (auths->num >= num_alloced) {
size_t size;
num_alloced += AUTH_INCREMENT; num_alloced += AUTH_INCREMENT;
size = num_alloced * sizeof(char *); alloced_auths = ast_realloc(auths->names, num_alloced * sizeof(char *));
auths->names = ast_realloc(alloced_auths, size); if (!alloced_auths) {
if (!auths->names) {
goto failure; goto failure;
} }
auths->names = alloced_auths;
} }
auths->names[auths->num] = ast_strdup(val); val = ast_strdup(val);
if (!auths->names[auths->num]) { if (!val) {
goto failure; goto failure;
} }
auths->names[auths->num] = val;
++auths->num; ++auths->num;
} }
return 0; return 0;