From d1ab9dbc5f0c35aa10ee0c67b9dc2eb6fd31dd13 Mon Sep 17 00:00:00 2001 From: Klaus Schmidinger Date: Fri, 25 Feb 2011 15:25:42 +0100 Subject: Now checking the result of all realloc() calls --- HISTORY | 3 ++- device.c | 30 +++++++++++++++++++--------- dvbsubtitle.c | 13 ++++++++---- epg.c | 27 ++++++++++++++++--------- epg.h | 4 ++-- menu.c | 12 ++++++++--- recording.c | 64 +++++++++++++++++++++++++++++++++++++---------------------- remux.c | 3 ++- svdrp.c | 14 ++++++++++--- themes.c | 32 +++++++++++++++++++++++------- tools.c | 57 ++++++++++++++++++++++++++++++++++++++++------------ tools.h | 6 +++++- 12 files changed, 188 insertions(+), 77 deletions(-) diff --git a/HISTORY b/HISTORY index 79ec7a95..b875ea99 100644 --- a/HISTORY +++ b/HISTORY @@ -6481,7 +6481,7 @@ Video Disk Recorder Revision History from Osama Alrawab). See INSTALL for information on how to turn this on. - Added Arabian language texts (thanks to Osama Alrawab). -2011-02-20: Version 1.7.17 +2011-02-25: Version 1.7.17 - Updated the Estonian OSD texts (thanks to Arthur Konovalov). - Fixed following symbolic links in RemoveFileOrDir() (cont'd) (thanks to @@ -6538,3 +6538,4 @@ Video Disk Recorder Revision History - Fixed reallocating memory in the "pictures" plugin (reported by Paul Menzel, with input from Oliver Endriss). - Fixed reallocating memory in cTsToPes::PutTs() (suggested by Oliver Endriss). +- Now checking the result of all realloc() calls. diff --git a/device.c b/device.c index 681049b8..60340c06 100644 --- a/device.c +++ b/device.c @@ -4,7 +4,7 @@ * See the main source file 'vdr.c' for copyright information and * how to reach the author. * - * $Id: device.c 2.37 2010/06/03 13:35:02 kls Exp $ + * $Id: device.c 2.38 2011/02/25 15:12:03 kls Exp $ */ #include "device.h" @@ -1087,11 +1087,17 @@ void cDevice::StillPicture(const uchar *Data, int Length) int l; while (const uchar *p = TsToPes.GetPes(l)) { int Offset = Size; - Size += l; - buf = (uchar *)realloc(buf, Size); - if (!buf) + int NewSize = Size + l; + if (uchar *NewBuffer = (uchar *)realloc(buf, NewSize)) { + Size = NewSize; + buf = NewBuffer; + memcpy(buf + Offset, p, l); + } + else { + LOG_ERROR_STR("out of memory"); + free(buf); return; - memcpy(buf + Offset, p, l); + } } TsToPes.Reset(); } @@ -1103,11 +1109,17 @@ void cDevice::StillPicture(const uchar *Data, int Length) int l; while (const uchar *p = TsToPes.GetPes(l)) { int Offset = Size; - Size += l; - buf = (uchar *)realloc(buf, Size); - if (!buf) + int NewSize = Size + l; + if (uchar *NewBuffer = (uchar *)realloc(buf, NewSize)) { + Size = NewSize; + buf = NewBuffer; + memcpy(buf + Offset, p, l); + } + else { + esyslog("ERROR: out of memory"); + free(buf); return; - memcpy(buf + Offset, p, l); + } } StillPicture(buf, Size); free(buf); diff --git a/dvbsubtitle.c b/dvbsubtitle.c index 39dddb59..98a45188 100644 --- a/dvbsubtitle.c +++ b/dvbsubtitle.c @@ -7,7 +7,7 @@ * Original author: Marco Schlüßler * With some input from the "subtitle plugin" by Pekka Virtanen * - * $Id: dvbsubtitle.c 2.8 2010/10/24 12:25:45 kls Exp $ + * $Id: dvbsubtitle.c 2.9 2011/02/25 15:13:32 kls Exp $ */ #include "dvbsubtitle.h" @@ -570,12 +570,17 @@ void cDvbSubtitleAssembler::Reset(void) bool cDvbSubtitleAssembler::Realloc(int Size) { if (Size > size) { - size = max(Size, 2048); - data = (uchar *)realloc(data, size); - if (!data) { + Size = max(Size, 2048); + if (uchar *NewBuffer = (uchar *)realloc(data, Size)) { + size = Size; + data = NewBuffer; + } + else { esyslog("ERROR: can't allocate memory for subtitle assembler"); length = 0; size = 0; + free(data); + data = NULL; return false; } } diff --git a/epg.c b/epg.c index 18d91fc7..c2d1783d 100644 --- a/epg.c +++ b/epg.c @@ -7,7 +7,7 @@ * Original version (as used in VDR before 1.3.0) written by * Robert Schneider and Rolf Hakenes . * - * $Id: epg.c 2.6 2010/02/28 14:24:55 kls Exp $ + * $Id: epg.c 2.7 2011/02/25 15:16:05 kls Exp $ */ #include "epg.h" @@ -56,25 +56,34 @@ cComponents::~cComponents(void) free(components); } -void cComponents::Realloc(int Index) +bool cComponents::Realloc(int Index) { if (Index >= numComponents) { - int n = numComponents; - numComponents = Index + 1; - components = (tComponent *)realloc(components, numComponents * sizeof(tComponent)); - memset(&components[n], 0, sizeof(tComponent) * (numComponents - n)); + Index++; + if (tComponent *NewBuffer = (tComponent *)realloc(components, Index * sizeof(tComponent))) { + int n = numComponents; + numComponents = Index; + components = NewBuffer; + memset(&components[n], 0, sizeof(tComponent) * (numComponents - n)); + } + else { + esyslog("ERROR: out of memory"); + return false; + } } + return true; } void cComponents::SetComponent(int Index, const char *s) { - Realloc(Index); - components[Index].FromString(s); + if (Realloc(Index)) + components[Index].FromString(s); } void cComponents::SetComponent(int Index, uchar Stream, uchar Type, const char *Language, const char *Description) { - Realloc(Index); + if (!Realloc(Index)) + return; tComponent *p = &components[Index]; p->stream = Stream; p->type = Type; diff --git a/epg.h b/epg.h index 5555c2e9..e5f4bdae 100644 --- a/epg.h +++ b/epg.h @@ -7,7 +7,7 @@ * Original version (as used in VDR before 1.3.0) written by * Robert Schneider and Rolf Hakenes . * - * $Id: epg.h 2.4 2010/01/08 15:20:34 kls Exp $ + * $Id: epg.h 2.5 2011/02/25 14:14:38 kls Exp $ */ #ifndef __EPG_H @@ -51,7 +51,7 @@ class cComponents { private: int numComponents; tComponent *components; - void Realloc(int Index); + bool Realloc(int Index); public: cComponents(void); ~cComponents(void); diff --git a/menu.c b/menu.c index 8b31de52..a371d820 100644 --- a/menu.c +++ b/menu.c @@ -4,7 +4,7 @@ * See the main source file 'vdr.c' for copyright information and * how to reach the author. * - * $Id: menu.c 2.25 2010/12/12 13:36:20 kls Exp $ + * $Id: menu.c 2.26 2011/02/25 14:24:32 kls Exp $ */ #include "menu.h" @@ -1860,8 +1860,14 @@ eOSState cMenuCommands::Execute(void) int l = 0; int c; while ((c = fgetc(p)) != EOF) { - if (l % 20 == 0) - result = (char *)realloc(result, l + 21); + if (l % 20 == 0) { + if (char *NewBuffer = (char *)realloc(result, l + 21)) + result = NewBuffer; + else { + esyslog("ERROR: out of memory"); + break; + } + } result[l++] = char(c); } if (result) diff --git a/recording.c b/recording.c index e0f5b279..b86300d2 100644 --- a/recording.c +++ b/recording.c @@ -4,7 +4,7 @@ * See the main source file 'vdr.c' for copyright information and * how to reach the author. * - * $Id: recording.c 2.24 2010/12/27 12:02:00 kls Exp $ + * $Id: recording.c 2.25 2011/02/25 14:35:19 kls Exp $ */ #include "recording.h" @@ -548,13 +548,17 @@ char *ExchangeChars(char *s, bool ToFileSystem) default: if (strchr(InvalidChars, *p) || *p == '.' && (!*(p + 1) || *(p + 1) == FOLDERDELIMCHAR)) { // Windows can't handle '.' at the end of file/directory names int l = p - s; - s = (char *)realloc(s, strlen(s) + 10); - p = s + l; - char buf[4]; - sprintf(buf, "#%02X", (unsigned char)*p); - memmove(p + 2, p, strlen(p) + 1); - strncpy(p, buf, 3); - p += 2; + if (char *NewBuffer = (char *)realloc(s, strlen(s) + 10)) { + s = NewBuffer; + p = s + l; + char buf[4]; + sprintf(buf, "#%02X", (unsigned char)*p); + memmove(p + 2, p, strlen(p) + 1); + strncpy(p, buf, 3); + p += 2; + } + else + esyslog("ERROR: out of memory"); } } } @@ -729,9 +733,13 @@ cRecording::cRecording(const char *FileName) if (data[line]) { int len = strlen(s); len += strlen(data[line]) + 1; - data[line] = (char *)realloc(data[line], len + 1); - strcat(data[line], "\n"); - strcat(data[line], s); + if (char *NewBuffer = (char *)realloc(data[line], len + 1)) { + data[line] = NewBuffer; + strcat(data[line], "\n"); + strcat(data[line], s); + } + else + esyslog("ERROR: out of memory"); } else data[line] = strdup(s); @@ -750,12 +758,16 @@ cRecording::cRecording(const char *FileName) // line 1 and line 2 to be the long text: int len = strlen(data[1]); if (len > 80) { - data[1] = (char *)realloc(data[1], len + 1 + strlen(data[2]) + 1); - strcat(data[1], "\n"); - strcat(data[1], data[2]); - free(data[2]); - data[2] = data[1]; - data[1] = NULL; + if (char *NewBuffer = (char *)realloc(data[1], len + 1 + strlen(data[2]) + 1)) { + data[1] = NewBuffer; + strcat(data[1], "\n"); + strcat(data[1], data[2]); + free(data[2]); + data[2] = data[1]; + data[1] = NULL; + } + else + esyslog("ERROR: out of memory"); } } info->SetData(data[0], data[1], data[2]); @@ -1620,13 +1632,15 @@ bool cIndexFile::CatchUp(int Index) } int newLast = int(buf.st_size / sizeof(tIndexTs) - 1); if (newLast > last) { - if (size <= newLast) { - size *= 2; - if (size <= newLast) - size = newLast + 1; + int NewSize = size; + if (NewSize <= newLast) { + NewSize *= 2; + if (NewSize <= newLast) + NewSize = newLast + 1; } - index = (tIndexTs *)realloc(index, size * sizeof(tIndexTs)); - if (index) { + if (tIndexTs *NewBuffer = (tIndexTs *)realloc(index, NewSize * sizeof(tIndexTs))) { + size = NewSize; + index = NewBuffer; int offset = (last + 1) * sizeof(tIndexTs); int delta = (newLast - last) * sizeof(tIndexTs); if (lseek(f, offset, SEEK_SET) == offset) { @@ -1645,8 +1659,10 @@ bool cIndexFile::CatchUp(int Index) else LOG_ERROR_STR(fileName); } - else + else { esyslog("ERROR: can't realloc() index"); + break; + } } } else diff --git a/remux.c b/remux.c index fd47d3c3..40101212 100644 --- a/remux.c +++ b/remux.c @@ -4,7 +4,7 @@ * See the main source file 'vdr.c' for copyright information and * how to reach the author. * - * $Id: remux.c 2.49 2011/02/20 17:27:47 kls Exp $ + * $Id: remux.c 2.50 2011/02/25 15:19:57 kls Exp $ */ #include "remux.h" @@ -672,6 +672,7 @@ void cTsToPes::PutTs(const uchar *Data, int Length) size = NewSize; } else { + esyslog("ERROR: out of memory"); Reset(); return; } diff --git a/svdrp.c b/svdrp.c index cb9a9351..fe3bcc7c 100644 --- a/svdrp.c +++ b/svdrp.c @@ -10,7 +10,7 @@ * and interact with the Video Disk Recorder - or write a full featured * graphical interface that sits on top of an SVDRP connection. * - * $Id: svdrp.c 2.8 2010/01/17 12:23:31 kls Exp $ + * $Id: svdrp.c 2.9 2011/02/25 14:38:45 kls Exp $ */ #include "svdrp.h" @@ -1664,8 +1664,16 @@ bool cSVDRP::Process(void) } else { if (numChars >= length - 1) { - length += BUFSIZ; - cmdLine = (char *)realloc(cmdLine, length); + int NewLength = length + BUFSIZ; + if (char *NewBuffer = (char *)realloc(cmdLine, NewLength)) { + length = NewLength; + cmdLine = NewBuffer; + } + else { + esyslog("ERROR: out of memory"); + Close(); + break; + } } cmdLine[numChars++] = c; cmdLine[numChars] = 0; diff --git a/themes.c b/themes.c index e6ee87e3..034ec0b9 100644 --- a/themes.c +++ b/themes.c @@ -4,7 +4,7 @@ * See the main source file 'vdr.c' for copyright information and * how to reach the author. * - * $Id: themes.c 1.8 2008/02/10 16:25:00 kls Exp $ + * $Id: themes.c 2.1 2011/02/25 14:45:18 kls Exp $ */ #include "themes.h" @@ -248,12 +248,30 @@ bool cThemes::Load(const char *SkinName) cString FileName = AddDirectory(themesDirectory, e->d_name); cTheme Theme; if (Theme.Load(*FileName, true)) { - names = (char **)realloc(names, (numThemes + 1) * sizeof(char *)); - names[numThemes] = strdup(Theme.Name()); - fileNames = (char **)realloc(fileNames, (numThemes + 1) * sizeof(char *)); - fileNames[numThemes] = strdup(*FileName); - descriptions = (char **)realloc(descriptions, (numThemes + 1) * sizeof(char *)); - descriptions[numThemes] = strdup(Theme.Description()); + if (char **NewBuffer = (char **)realloc(names, (numThemes + 1) * sizeof(char *))) { + names = NewBuffer; + names[numThemes] = strdup(Theme.Name()); + } + else { + esyslog("ERROR: out of memory"); + break; + } + if (char **NewBuffer = (char **)realloc(fileNames, (numThemes + 1) * sizeof(char *))) { + fileNames = NewBuffer; + fileNames[numThemes] = strdup(*FileName); + } + else { + esyslog("ERROR: out of memory"); + break; + } + if (char **NewBuffer = (char **)realloc(descriptions, (numThemes + 1) * sizeof(char *))) { + descriptions = NewBuffer; + descriptions[numThemes] = strdup(Theme.Description()); + } + else { + esyslog("ERROR: out of memory"); + break; + } numThemes++; } } diff --git a/tools.c b/tools.c index 7746dc03..d03595e6 100644 --- a/tools.c +++ b/tools.c @@ -4,7 +4,7 @@ * See the main source file 'vdr.c' for copyright information and * how to reach the author. * - * $Id: tools.c 2.11 2010/12/12 23:15:38 kls Exp $ + * $Id: tools.c 2.12 2011/02/25 14:58:31 kls Exp $ */ #include "tools.h" @@ -156,8 +156,14 @@ char *strreplace(char *s, const char *s1, const char *s2) int l = strlen(s); int l1 = strlen(s1); int l2 = strlen(s2); - if (l2 > l1) - s = (char *)realloc(s, l + l2 - l1 + 1); + if (l2 > l1) { + if (char *NewBuffer = (char *)realloc(s, l + l2 - l1 + 1)) + s = NewBuffer; + else { + esyslog("ERROR: out of memory"); + return s; + } + } char *sof = s + of; if (l2 != l1) memmove(sof + l2, sof + l1, l - of - l1 + 1); @@ -819,8 +825,15 @@ const char *cCharSetConv::Convert(const char *From, char *To, size_t ToLength) size_t FromLength = strlen(From); char *ToPtr = To; if (!ToPtr) { - length = max(length, FromLength * 2); // some reserve to avoid later reallocations - result = (char *)realloc(result, length); + int NewLength = max(length, FromLength * 2); // some reserve to avoid later reallocations + if (char *NewBuffer = (char *)realloc(result, NewLength)) { + length = NewLength; + result = NewBuffer; + } + else { + esyslog("ERROR: out of memory"); + return From; + } ToPtr = result; ToLength = length; } @@ -836,8 +849,15 @@ const char *cCharSetConv::Convert(const char *From, char *To, size_t ToLength) // The result buffer is too small, so increase it: size_t d = ToPtr - result; size_t r = length / 2; - length += r; - Converted = result = (char *)realloc(result, length); + int NewLength = length + r; + if (char *NewBuffer = (char *)realloc(result, NewLength)) { + length = NewLength; + Converted = result = NewBuffer; + } + else { + esyslog("ERROR: out of memory"); + return From; + } ToLength += r; ToPtr = result + d; } @@ -1029,15 +1049,22 @@ static boolean JpegCompressEmptyOutputBuffer(j_compress_ptr cinfo) tJpegCompressData *jcd = (tJpegCompressData *)cinfo->client_data; if (jcd) { int Used = jcd->size; - jcd->size += JPEGCOMPRESSMEM; - jcd->mem = (uchar *)realloc(jcd->mem, jcd->size); + int NewSize = jcd->size + JPEGCOMPRESSMEM; + if (uchar *NewBuffer = (uchar *)realloc(jcd->mem, NewSize)) { + jcd->size = NewSize; + jcd->mem = NewBuffer; + } + else { + esyslog("ERROR: out of memory"); + return false; + } if (jcd->mem) { cinfo->dest->next_output_byte = jcd->mem + Used; cinfo->dest->free_in_buffer = jcd->size - Used; - return TRUE; + return true; } } - return FALSE; + return false; } static void JpegCompressTermDestination(j_compress_ptr cinfo) @@ -1046,8 +1073,12 @@ static void JpegCompressTermDestination(j_compress_ptr cinfo) if (jcd) { int Used = cinfo->dest->next_output_byte - jcd->mem; if (Used < jcd->size) { - jcd->size = Used; - jcd->mem = (uchar *)realloc(jcd->mem, jcd->size); + if (uchar *NewBuffer = (uchar *)realloc(jcd->mem, Used)) { + jcd->size = Used; + jcd->mem = NewBuffer; + } + else + esyslog("ERROR: out of memory"); } } } diff --git a/tools.h b/tools.h index 7a05b433..f17c5642 100644 --- a/tools.h +++ b/tools.h @@ -4,7 +4,7 @@ * See the main source file 'vdr.c' for copyright information and * how to reach the author. * - * $Id: tools.h 2.6 2010/12/12 23:15:52 kls Exp $ + * $Id: tools.h 2.7 2011/02/25 15:05:58 kls Exp $ */ #ifndef __TOOLS_H @@ -434,6 +434,10 @@ private: { if (++Index > allocated) { data = (T *)realloc(data, Index * sizeof(T)); + if (!data) { + esyslog("ERROR: out of memory - abort!"); + abort(); + } for (int i = allocated; i < Index; i++) data[i] = T(0); allocated = Index; -- cgit v1.2.3