[Asterisk-code-review] fix: memory leaks, resource leaks, out of bounds and bugs (asterisk[13])
Anonymous Coward
asteriskteam at digium.com
Tue Jun 21 07:02:19 CDT 2016
Anonymous Coward #1000019 has submitted this change and it was merged.
Change subject: fix: memory leaks, resource leaks, out of bounds and bugs
......................................................................
fix: memory leaks, resource leaks, out of bounds and bugs
ASTERISK-26119 #close
Change-Id: Iecbf7d0f360a021147344c4e83ab242fd1e7512c
---
M main/ast_expr2.c
M main/ast_expr2.y
M main/say.c
M res/ael/pval.c
M res/res_phoneprov.c
M res/res_pjsip_sdp_rtp.c
6 files changed, 74 insertions(+), 25 deletions(-)
Approvals:
Richard Mudgett: Looks good to me, but someone else must approve
Anonymous Coward #1000019: Verified
Joshua Colp: Looks good to me, approved
diff --git a/main/ast_expr2.c b/main/ast_expr2.c
index a9e4eff..781abd9 100644
--- a/main/ast_expr2.c
+++ b/main/ast_expr2.c
@@ -3668,13 +3668,20 @@
/* strip double quotes from both -- */
strip_quotes(a);
strip_quotes(b);
-
+
vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
+ if (vs == NULL) {
+ ast_log(LOG_WARNING, "malloc() failed\n");
+ return NULL;
+ }
+
strcpy(vs,a->u.s);
strcat(vs,b->u.s);
v = make_str(vs);
+ free(vs);
+
/* free arguments */
free_value(a);
free_value(b);
diff --git a/main/ast_expr2.y b/main/ast_expr2.y
index 869dfe9..913bc26 100644
--- a/main/ast_expr2.y
+++ b/main/ast_expr2.y
@@ -1661,13 +1661,20 @@
/* strip double quotes from both -- */
strip_quotes(a);
strip_quotes(b);
-
+
vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
+ if (vs == NULL) {
+ ast_log(LOG_WARNING, "malloc() failed\n");
+ return NULL;
+ }
+
strcpy(vs,a->u.s);
strcat(vs,b->u.s);
v = make_str(vs);
+ free(vs);
+
/* free arguments */
free_value(a);
free_value(b);
diff --git a/main/say.c b/main/say.c
index ef80dfa..51dc4e2 100644
--- a/main/say.c
+++ b/main/say.c
@@ -7948,9 +7948,9 @@
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
- sndoffset=0;
- for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < 256) ; sndoffset++)
+ for (sndoffset = 0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
+ }
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;
diff --git a/res/ael/pval.c b/res/ael/pval.c
index d72ef0d..07545f6 100644
--- a/res/ael/pval.c
+++ b/res/ael/pval.c
@@ -3355,9 +3355,9 @@
#ifdef OLD_RAND_ACTION
struct ael_priority *rand_test, *rand_end, *rand_skip;
#endif
- char *buf1;
- char *buf2;
- char *new_label;
+ RAII_VAR(char *, buf1, NULL, free);
+ RAII_VAR(char *, buf2, NULL, free);
+ RAII_VAR(char *, new_label, NULL, free);
char *strp, *strp2;
int default_exists;
int local_control_statement_count;
@@ -4191,9 +4191,6 @@
break;
}
}
- free(buf1);
- free(buf2);
- free(new_label);
return 0;
}
@@ -5052,7 +5049,10 @@
pval *pvalCreateNode( pvaltype type )
{
pval *p = calloc(1,sizeof(pval)); /* why, oh why, don't I use ast_calloc? Way, way, way too messy if I do! */
- p->type = type; /* remember, this can be used externally or internally to asterisk */
+ /* remember, this can be used externally or internally to asterisk */
+ if (p) {
+ p->type = type;
+ }
return p;
}
@@ -5413,14 +5413,30 @@
void pvalIncludesAddIncludeWithTimeConstraints( pval *p, const char *include, char *hour_range, char *dom_range, char *dow_range, char *month_range )
{
- pval *hr = pvalCreateNode(PV_WORD);
- pval *dom = pvalCreateNode(PV_WORD);
- pval *dow = pvalCreateNode(PV_WORD);
- pval *mon = pvalCreateNode(PV_WORD);
- pval *s = pvalCreateNode(PV_WORD);
-
- if (!pvalCheckType(p, "pvalIncludeAddIncludeWithTimeConstraints", PV_INCLUDES))
+ pval *hr;
+ pval *dom;
+ pval *dow;
+ pval *mon;
+ pval *s;
+
+ if (!pvalCheckType(p, "pvalIncludeAddIncludeWithTimeConstraints", PV_INCLUDES)) {
return;
+ }
+
+ hr = pvalCreateNode(PV_WORD);
+ dom = pvalCreateNode(PV_WORD);
+ dow = pvalCreateNode(PV_WORD);
+ mon = pvalCreateNode(PV_WORD);
+ s = pvalCreateNode(PV_WORD);
+
+ if (!hr || !dom || !dow || !mon || !s) {
+ destroy_pval(hr);
+ destroy_pval(dom);
+ destroy_pval(dow);
+ destroy_pval(mon);
+ destroy_pval(s);
+ return;
+ }
s->u1.str = (char *)include;
p->u1.list = linku1(p->u1.list, s);
@@ -5667,12 +5683,28 @@
void pvalIfTimeSetCondition( pval *p, char *hour_range, char *dow_range, char *dom_range, char *mon_range ) /* time range format: 24-hour format begin-end|dow range|dom range|month range */
{
- pval *hr = pvalCreateNode(PV_WORD);
- pval *dow = pvalCreateNode(PV_WORD);
- pval *dom = pvalCreateNode(PV_WORD);
- pval *mon = pvalCreateNode(PV_WORD);
- if (!pvalCheckType(p, "pvalIfTimeSetCondition", PV_IFTIME))
+ pval *hr;
+ pval *dow;
+ pval *dom;
+ pval *mon;
+
+ if (!pvalCheckType(p, "pvalIfTimeSetCondition", PV_IFTIME)) {
return;
+ }
+
+ hr = pvalCreateNode(PV_WORD);
+ dow = pvalCreateNode(PV_WORD);
+ dom = pvalCreateNode(PV_WORD);
+ mon = pvalCreateNode(PV_WORD);
+
+ if (!hr || !dom || !dow || !mon) {
+ destroy_pval(hr);
+ destroy_pval(dom);
+ destroy_pval(dow);
+ destroy_pval(mon);
+ return;
+ }
+
pvalWordSetString(hr, hour_range);
pvalWordSetString(dow, dow_range);
pvalWordSetString(dom, dom_range);
diff --git a/res/res_phoneprov.c b/res/res_phoneprov.c
index df93c5b..71f8757 100644
--- a/res/res_phoneprov.c
+++ b/res/res_phoneprov.c
@@ -410,10 +410,13 @@
fseek(f, 0, SEEK_END);
len = ftell(f);
fseek(f, 0, SEEK_SET);
- if (!(*ret = ast_malloc(len + 1)))
+ if (!(*ret = ast_malloc(len + 1))) {
+ fclose(f);
return -2;
+ }
if (len != fread(*ret, sizeof(char), len, f)) {
+ fclose(f);
free(*ret);
*ret = NULL;
return -3;
diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index 18a7f3f..029eb5d 100644
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -420,7 +420,7 @@
*++tmp = '\0';
/* ast...generate gives us everything, just need value */
tmp = strchr(ast_str_buffer(fmtp0), ':');
- if (tmp && tmp + 1) {
+ if (tmp && tmp[1] != '\0') {
fmtp1 = pj_str(tmp + 1);
} else {
fmtp1 = pj_str(ast_str_buffer(fmtp0));
--
To view, visit https://gerrit.asterisk.org/3036
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iecbf7d0f360a021147344c4e83ab242fd1e7512c
Gerrit-PatchSet: 6
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Alexei Gradinari <alex2grad at gmail.com>
Gerrit-Reviewer: Alexei Gradinari <alex2grad at gmail.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Mark Michelson <mmichelson at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Scott Griepentrog <sgriepentrog at digium.com>
Gerrit-Reviewer: ibercom <ibercom123 at gmail.com>
More information about the asterisk-code-review
mailing list