[asterisk-commits] rmudgett: branch 11 r398758 - in /branches/11: ./ funcs/ main/ res/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Sep 10 12:57:09 CDT 2013


Author: rmudgett
Date: Tue Sep 10 12:56:56 2013
New Revision: 398758

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=398758
Log:
Fix incorrect usages of ast_realloc().

There are several locations in the code base where this is done:
buf = ast_realloc(buf, new_size);

This is going to leak the original buf contents if the realloc fails.

Review: https://reviewboard.asterisk.org/r/2832/
........

Merged revisions 398757 from http://svn.asterisk.org/svn/asterisk/branches/1.8

Modified:
    branches/11/   (props changed)
    branches/11/funcs/func_dialgroup.c
    branches/11/main/asterisk.c
    branches/11/main/cli.c
    branches/11/main/event.c
    branches/11/main/heap.c
    branches/11/main/indications.c
    branches/11/main/xmldoc.c
    branches/11/res/res_musiconhold.c

Propchange: branches/11/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.

Modified: branches/11/funcs/func_dialgroup.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/funcs/func_dialgroup.c?view=diff&rev=398758&r1=398757&r2=398758
==============================================================================
--- branches/11/funcs/func_dialgroup.c (original)
+++ branches/11/funcs/func_dialgroup.c Tue Sep 10 12:56:56 2013
@@ -174,11 +174,17 @@
 {
 	int len = 500, res = 0;
 	char *buf = NULL;
+	char *new_buf;
 	char *dialgroup = ast_strdupa(cdialgroup);
 
 	do {
 		len *= 2;
-		buf = ast_realloc(buf, len);
+		new_buf = ast_realloc(buf, len);
+		if (!new_buf) {
+			ast_free(buf);
+			return -1;
+		}
+		buf = new_buf;
 
 		if ((res = dialgroup_read(chan, "", dialgroup, buf, len)) < 0) {
 			ast_free(buf);

Modified: branches/11/main/asterisk.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/main/asterisk.c?view=diff&rev=398758&r1=398757&r2=398758
==============================================================================
--- branches/11/main/asterisk.c (original)
+++ branches/11/main/asterisk.c Tue Sep 10 12:56:56 2013
@@ -2640,45 +2640,62 @@
 	return ast_str_buffer(prompt);
 }
 
+static void destroy_match_list(char **match_list, int matches)
+{
+	if (match_list) {
+		int idx;
+
+		for (idx = 0; idx < matches; ++idx) {
+			ast_free(match_list[idx]);
+		}
+		ast_free(match_list);
+	}
+}
+
 static char **ast_el_strtoarr(char *buf)
 {
-	char **match_list = NULL, **match_list_tmp, *retstr;
-	size_t match_list_len;
+	char *retstr;
+	char **match_list = NULL;
+	char **new_list;
+	size_t match_list_len = 1;
 	int matches = 0;
 
-	match_list_len = 1;
-	while ( (retstr = strsep(&buf, " ")) != NULL) {
-
-		if (!strcmp(retstr, AST_CLI_COMPLETE_EOF))
+	while ((retstr = strsep(&buf, " "))) {
+		if (!strcmp(retstr, AST_CLI_COMPLETE_EOF)) {
 			break;
+		}
 		if (matches + 1 >= match_list_len) {
 			match_list_len <<= 1;
-			if ((match_list_tmp = ast_realloc(match_list, match_list_len * sizeof(char *)))) {
-				match_list = match_list_tmp;
-			} else {
-				if (match_list)
-					ast_free(match_list);
-				return (char **) NULL;
-			}
-		}
-
-		match_list[matches++] = ast_strdup(retstr);
-	}
-
-	if (!match_list)
-		return (char **) NULL;
+			new_list = ast_realloc(match_list, match_list_len * sizeof(char *));
+			if (!new_list) {
+				destroy_match_list(match_list, matches);
+				return NULL;
+			}
+			match_list = new_list;
+		}
+
+		retstr = ast_strdup(retstr);
+		if (!retstr) {
+			destroy_match_list(match_list, matches);
+			return NULL;
+		}
+		match_list[matches++] = retstr;
+	}
+
+	if (!match_list) {
+		return NULL;
+	}
 
 	if (matches >= match_list_len) {
-		if ((match_list_tmp = ast_realloc(match_list, (match_list_len + 1) * sizeof(char *)))) {
-			match_list = match_list_tmp;
-		} else {
-			if (match_list)
-				ast_free(match_list);
-			return (char **) NULL;
-		}
-	}
-
-	match_list[matches] = (char *) NULL;
+		new_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(char *));
+		if (!new_list) {
+			destroy_match_list(match_list, matches);
+			return NULL;
+		}
+		match_list = new_list;
+	}
+
+	match_list[matches] = NULL;
 
 	return match_list;
 }
@@ -2779,7 +2796,9 @@
 
 		if (nummatches > 0) {
 			char *mbuf;
+			char *new_mbuf;
 			int mlen = 0, maxmbuf = 2048;
+
 			/* Start with a 2048 byte buffer */
 			if (!(mbuf = ast_malloc(maxmbuf))) {
 				*((char *) lf->cursor) = savechr;
@@ -2793,10 +2812,13 @@
 				if (mlen + 1024 > maxmbuf) {
 					/* Every step increment buffer 1024 bytes */
 					maxmbuf += 1024;
-					if (!(mbuf = ast_realloc(mbuf, maxmbuf))) {
+					new_mbuf = ast_realloc(mbuf, maxmbuf);
+					if (!new_mbuf) {
+						ast_free(mbuf);
 						*((char *) lf->cursor) = savechr;
 						return (char *)(CC_ERROR);
 					}
+					mbuf = new_mbuf;
 				}
 				/* Only read 1024 bytes at a time */
 				res = read(ast_consock, mbuf + mlen, 1024);

Modified: branches/11/main/cli.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/main/cli.c?view=diff&rev=398758&r1=398757&r2=398758
==============================================================================
--- branches/11/main/cli.c (original)
+++ branches/11/main/cli.c Tue Sep 10 12:56:56 2013
@@ -2370,9 +2370,22 @@
 	return matches;
 }
 
+static void destroy_match_list(char **match_list, int matches)
+{
+	if (match_list) {
+		int idx;
+
+		for (idx = 1; idx < matches; ++idx) {
+			ast_free(match_list[idx]);
+		}
+		ast_free(match_list);
+	}
+}
+
 char **ast_cli_completion_matches(const char *text, const char *word)
 {
 	char **match_list = NULL, *retstr, *prevstr;
+	char **new_list;
 	size_t match_list_len, max_equal, which, i;
 	int matches = 0;
 
@@ -2381,14 +2394,19 @@
 	while ((retstr = ast_cli_generator(text, word, matches)) != NULL) {
 		if (matches + 1 >= match_list_len) {
 			match_list_len <<= 1;
-			if (!(match_list = ast_realloc(match_list, match_list_len * sizeof(*match_list))))
+			new_list = ast_realloc(match_list, match_list_len * sizeof(*match_list));
+			if (!new_list) {
+				destroy_match_list(match_list, matches);
 				return NULL;
+			}
+			match_list = new_list;
 		}
 		match_list[++matches] = retstr;
 	}
 
-	if (!match_list)
+	if (!match_list) {
 		return match_list; /* NULL */
+	}
 
 	/* Find the longest substring that is common to all results
 	 * (it is a candidate for completion), and store a copy in entry 0.
@@ -2401,20 +2419,23 @@
 		max_equal = i;
 	}
 
-	if (!(retstr = ast_malloc(max_equal + 1))) {
-		ast_free(match_list);
-		return NULL;
-	}
-
+	retstr = ast_malloc(max_equal + 1);
+	if (!retstr) {
+		destroy_match_list(match_list, matches);
+		return NULL;
+	}
 	ast_copy_string(retstr, match_list[1], max_equal + 1);
 	match_list[0] = retstr;
 
 	/* ensure that the array is NULL terminated */
 	if (matches + 1 >= match_list_len) {
-		if (!(match_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(*match_list)))) {
+		new_list = ast_realloc(match_list, (match_list_len + 1) * sizeof(*match_list));
+		if (!new_list) {
 			ast_free(retstr);
+			destroy_match_list(match_list, matches);
 			return NULL;
 		}
+		match_list = new_list;
 	}
 	match_list[matches + 1] = NULL;
 

Modified: branches/11/main/event.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/main/event.c?view=diff&rev=398758&r1=398757&r2=398758
==============================================================================
--- branches/11/main/event.c (original)
+++ branches/11/main/event.c Tue Sep 10 12:56:56 2013
@@ -1197,13 +1197,17 @@
 	const void *data, size_t data_len)
 {
 	struct ast_event_ie *ie;
+	struct ast_event *old_event;
 	unsigned int extra_len;
 	uint16_t event_len;
 
 	event_len = ntohs((*event)->event_len);
 	extra_len = sizeof(*ie) + data_len;
 
-	if (!(*event = ast_realloc(*event, event_len + extra_len))) {
+	old_event = *event;
+	*event = ast_realloc(*event, event_len + extra_len);
+	if (!*event) {
+		ast_free(old_event);
 		return -1;
 	}
 

Modified: branches/11/main/heap.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/main/heap.c?view=diff&rev=398758&r1=398757&r2=398758
==============================================================================
--- branches/11/main/heap.c (original)
+++ branches/11/main/heap.c Tue Sep 10 12:56:56 2013
@@ -181,18 +181,19 @@
 #endif
 )
 {
-	h->avail_len = h->avail_len * 2 + 1;
-
-	if (!(h->heap =
-#ifdef MALLOC_DEBUG
-			__ast_realloc(h->heap, h->avail_len * sizeof(void *), file, lineno, func)
-#else
-			ast_realloc(h->heap, h->avail_len * sizeof(void *))
-#endif
-		)) {
-		h->cur_len = h->avail_len = 0;
+	void **new_heap;
+	size_t new_len = h->avail_len * 2 + 1;
+
+#ifdef MALLOC_DEBUG
+	new_heap = __ast_realloc(h->heap, new_len * sizeof(void *), file, lineno, func);
+#else
+	new_heap = ast_realloc(h->heap, new_len * sizeof(void *));
+#endif
+	if (!new_heap) {
 		return -1;
 	}
+	h->heap = new_heap;
+	h->avail_len = new_len;
 
 	return 0;
 }

Modified: branches/11/main/indications.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/main/indications.c?view=diff&rev=398758&r1=398757&r2=398758
==============================================================================
--- branches/11/main/indications.c (original)
+++ branches/11/main/indications.c Tue Sep 10 12:56:56 2013
@@ -341,12 +341,12 @@
 	}
 
 	while ((s = strsep(&stringp, separator)) && !ast_strlen_zero(s)) {
+		struct playtones_item *new_items;
 		struct ast_tone_zone_part tone_data = {
 			.time = 0,
 		};
 
 		s = ast_strip(s);
-
 		if (s[0]=='!') {
 			s++;
 		} else if (d.reppos == -1) {
@@ -374,9 +374,12 @@
 			}
 		}
 
-		if (!(d.items = ast_realloc(d.items, (d.nitems + 1) * sizeof(*d.items)))) {
+		new_items = ast_realloc(d.items, (d.nitems + 1) * sizeof(*d.items));
+		if (!new_items) {
+			ast_free(d.items);
 			return -1;
 		}
+		d.items = new_items;
 
 		d.items[d.nitems].fac1 = 2.0 * cos(2.0 * M_PI * (tone_data.freq1 / sample_rate)) * max_sample_val;
 		d.items[d.nitems].init_v2_1 = sin(-4.0 * M_PI * (tone_data.freq1 / sample_rate)) * d.vol;

Modified: branches/11/main/xmldoc.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/main/xmldoc.c?view=diff&rev=398758&r1=398757&r2=398758
==============================================================================
--- branches/11/main/xmldoc.c (original)
+++ branches/11/main/xmldoc.c Tue Sep 10 12:56:56 2013
@@ -578,8 +578,11 @@
  */
 static void __attribute__((format(printf, 4, 5))) xmldoc_reverse_helper(int reverse, int *len, char **syntax, const char *fmt, ...)
 {
-	int totlen, tmpfmtlen;
-	char *tmpfmt, tmp;
+	int totlen;
+	int tmpfmtlen;
+	char *tmpfmt;
+	char *new_syntax;
+	char tmp;
 	va_list ap;
 
 	va_start(ap, fmt);
@@ -592,12 +595,12 @@
 	tmpfmtlen = strlen(tmpfmt);
 	totlen = *len + tmpfmtlen + 1;
 
-	*syntax = ast_realloc(*syntax, totlen);
-
-	if (!*syntax) {
+	new_syntax = ast_realloc(*syntax, totlen);
+	if (!new_syntax) {
 		ast_free(tmpfmt);
 		return;
 	}
+	*syntax = new_syntax;
 
 	if (reverse) {
 		memmove(*syntax + tmpfmtlen, *syntax, *len);

Modified: branches/11/res/res_musiconhold.c
URL: http://svnview.digium.com/svn/asterisk/branches/11/res/res_musiconhold.c?view=diff&rev=398758&r1=398757&r2=398758
==============================================================================
--- branches/11/res/res_musiconhold.c (original)
+++ branches/11/res/res_musiconhold.c Tue Sep 10 12:56:56 2013
@@ -1047,20 +1047,26 @@
 static int moh_add_file(struct mohclass *class, const char *filepath)
 {
 	if (!class->allowed_files) {
-		if (!(class->filearray = ast_calloc(1, INITIAL_NUM_FILES * sizeof(*class->filearray))))
+		class->filearray = ast_calloc(1, INITIAL_NUM_FILES * sizeof(*class->filearray));
+		if (!class->filearray) {
 			return -1;
+		}
 		class->allowed_files = INITIAL_NUM_FILES;
 	} else if (class->total_files == class->allowed_files) {
-		if (!(class->filearray = ast_realloc(class->filearray, class->allowed_files * sizeof(*class->filearray) * 2))) {
-			class->allowed_files = 0;
-			class->total_files = 0;
+		char **new_array;
+
+		new_array = ast_realloc(class->filearray, class->allowed_files * sizeof(*class->filearray) * 2);
+		if (!new_array) {
 			return -1;
 		}
+		class->filearray = new_array;
 		class->allowed_files *= 2;
 	}
 
-	if (!(class->filearray[class->total_files] = ast_strdup(filepath)))
-		return -1;
+	class->filearray[class->total_files] = ast_strdup(filepath);
+	if (!class->filearray[class->total_files]) {
+		return -1;
+	}
 
 	class->total_files++;
 




More information about the asterisk-commits mailing list