diff options
| author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-04-02 00:07:54 -0700 |
|---|---|---|
| committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-04-15 20:14:30 -0700 |
| commit | 1222f974442f3d419664be4faca576f5f1457666 (patch) | |
| tree | 44917b16739cf497dcf1d1590f41c3e834e48d59 | |
| parent | ca65a92405500393f09d34388edbbf6350e6c146 (diff) | |
Ensure ARRAY* structs are zero'ed out when allocation fails
In the past some callers forgot to either initialize themselves or to
check the return values, so could try to read or write to uninitialized
pointers - we set the pointer to NULL & the size to 0 to avoid that.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
| -rw-r--r-- | Array.c | 28 |
1 files changed, 21 insertions, 7 deletions
@@ -62,8 +62,11 @@ XdmcpAllocARRAY8 (ARRAY8Ptr array, int length) return FALSE; newData = (CARD8Ptr) xmalloc(length * sizeof (CARD8)); - if (!newData) + if (!newData) { + array->length = 0; + array->data = NULL; return FALSE; + } array->length = (CARD16) length; array->data = newData; return TRUE; @@ -79,8 +82,11 @@ XdmcpAllocARRAY16 (ARRAY16Ptr array, int length) return FALSE; newData = (CARD16Ptr) xmalloc(length * sizeof (CARD16)); - if (!newData) + if (!newData) { + array->length = 0; + array->data = NULL; return FALSE; + } array->length = (CARD8) length; array->data = newData; return TRUE; @@ -96,8 +102,11 @@ XdmcpAllocARRAY32 (ARRAY32Ptr array, int length) return FALSE; newData = (CARD32Ptr) xmalloc(length * sizeof (CARD32)); - if (!newData) + if (!newData) { + array->length = 0; + array->data = NULL; return FALSE; + } array->length = (CARD8) length; array->data = newData; return TRUE; @@ -113,8 +122,11 @@ XdmcpAllocARRAYofARRAY8 (ARRAYofARRAY8Ptr array, int length) return FALSE; newData = (ARRAY8Ptr) xmalloc(length * sizeof (ARRAY8)); - if (!newData) + if (!newData) { + array->length = 0; + array->data = NULL; return FALSE; + } array->length = (CARD8) length; array->data = newData; return TRUE; @@ -133,10 +145,12 @@ XdmcpARRAY8Equal (const ARRAY8Ptr array1, const ARRAY8Ptr array2) int XdmcpCopyARRAY8 (const ARRAY8Ptr src, ARRAY8Ptr dst) { - dst->length = src->length; - dst->data = (CARD8 *) xmalloc(dst->length * sizeof (CARD8)); - if (!dst->data) + dst->data = (CARD8 *) xmalloc(src->length * sizeof (CARD8)); + if (!dst->data) { + dst->length = 0; return FALSE; + } + dst->length = src->length; memmove (dst->data, src->data, src->length * sizeof (CARD8)); return TRUE; } |