File freerdp-Fix-realloc-return-handling.patch of Package freerdp.13065
From 9fee4ae076b1ec97b97efb79ece08d1dab4df29a Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Fri, 4 Oct 2019 14:49:30 +0200
Subject: [PATCH] Fixed #5645: realloc return handling
---
client/X11/generate_argument_docbook.c | 33 +++++++++++++++++++++++++++------
libfreerdp/codec/region.c | 17 ++++++++++++++---
winpr/libwinpr/utils/lodepng/lodepng.c | 6 +++++-
3 files changed, 46 insertions(+), 10 deletions(-)
Index: b/client/X11/generate_argument_docbook.c
===================================================================
--- a/client/X11/generate_argument_docbook.c 2019-10-28 16:54:17.004827451 +0800
+++ b/client/X11/generate_argument_docbook.c 2019-10-28 17:01:32.864987265 +0800
@@ -12,6 +12,7 @@
LPSTR tr_esc_str(LPCSTR arg)
{
LPSTR tmp = NULL;
+ LPSTR tmp2 = NULL;
size_t cs = 0, x, ds;
size_t s;
if(NULL == arg)
@@ -23,7 +24,12 @@ LPSTR tr_esc_str(LPCSTR arg)
/* Prepare a initial buffer with the size of the result string. */
ds = s + 1;
if(s)
- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ {
+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ if (!tmp2)
+ free(tmp);
+ tmp = tmp2;
+ }
if(NULL == tmp)
{
WLog_ERR(TAG, "Could not allocate string buffer.");
@@ -37,7 +43,10 @@ LPSTR tr_esc_str(LPCSTR arg)
{
case '<':
ds += 3;
- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ if (!tmp2)
+ free(tmp);
+ tmp = tmp2;
if(NULL == tmp)
{
WLog_ERR(TAG, "Could not reallocate string buffer.");
@@ -50,7 +59,10 @@ LPSTR tr_esc_str(LPCSTR arg)
break;
case '>':
ds += 3;
- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ if (!tmp2)
+ free(tmp);
+ tmp = tmp2;
if(NULL == tmp)
{
WLog_ERR(TAG, "Could not reallocate string buffer.");
@@ -63,7 +75,10 @@ LPSTR tr_esc_str(LPCSTR arg)
break;
case '\'':
ds += 5;
- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ if (!tmp2)
+ free(tmp);
+ tmp = tmp2;
if(NULL == tmp)
{
WLog_ERR(TAG, "Could not reallocate string buffer.");
@@ -78,7 +93,10 @@ LPSTR tr_esc_str(LPCSTR arg)
break;
case '"':
ds += 5;
- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ if (!tmp2)
+ free(tmp);
+ tmp = tmp2;
if(NULL == tmp)
{
WLog_ERR(TAG, "Could not reallocate string buffer.");
@@ -93,7 +111,10 @@ LPSTR tr_esc_str(LPCSTR arg)
break;
case '&':
ds += 4;
- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
+ if (!tmp2)
+ free(tmp);
+ tmp = tmp2;
if(NULL == tmp)
{
WLog_ERR(TAG, "Could not reallocate string buffer.");
Index: b/libfreerdp/codec/region.c
===================================================================
--- a/libfreerdp/codec/region.c 2019-10-28 16:54:06.740729208 +0800
+++ b/libfreerdp/codec/region.c 2019-10-28 17:00:46.368546848 +0800
@@ -463,8 +463,12 @@ BOOL region16_simplify_bands(REGION16 *r
if (finalNbRects != nbRects)
{
- int allocSize = sizeof(REGION16_DATA) + (finalNbRects * sizeof(RECTANGLE_16));
- region->data = realloc(region->data, allocSize);
+ REGION16_DATA* data;
+ size_t allocSize = sizeof(REGION16_DATA) + (finalNbRects * sizeof(RECTANGLE_16));
+ data = realloc(region->data, allocSize);
+ if (!data)
+ free(region->data);
+ region->data = data;
if (!region->data)
{
@@ -481,10 +485,12 @@ BOOL region16_simplify_bands(REGION16 *r
BOOL region16_union_rect(REGION16 *dst, const REGION16 *src, const RECTANGLE_16 *rect)
{
+ REGION16_DATA* data;
const RECTANGLE_16* srcExtents;
RECTANGLE_16* dstExtents;
const RECTANGLE_16 *currentBand, *endSrcRect, *nextBand;
REGION16_DATA* newItems = NULL;
+ REGION16_DATA* tmpItems = NULL;
RECTANGLE_16* dstRect = NULL;
int usedRects, srcNbRects;
UINT16 topInterBand;
@@ -675,7 +681,11 @@ BOOL region16_union_rect(REGION16 *dst,
dstExtents->right = MAX(rect->right, srcExtents->right);
newItems->size = sizeof(REGION16_DATA) + (usedRects * sizeof(RECTANGLE_16));
- dst->data = realloc(newItems, newItems->size);
+ tmpItems = realloc(newItems, newItems->size);
+ if (!tmpItems)
+ free(newItems);
+ newItems = tmpItems;
+ dst->data = newItems;
if (!dst->data)
{
@@ -722,6 +732,7 @@ BOOL region16_intersects_rect(const REGI
BOOL region16_intersect_rect(REGION16 *dst, const REGION16 *src, const RECTANGLE_16 *rect)
{
+ REGION16_DATA* data;
REGION16_DATA *newItems;
const RECTANGLE_16 *srcPtr, *endPtr, *srcExtents;
RECTANGLE_16 *dstPtr;
Index: b/winpr/libwinpr/utils/lodepng/lodepng.c
===================================================================
--- a/winpr/libwinpr/utils/lodepng/lodepng.c 2019-10-28 16:54:06.740729208 +0800
+++ b/winpr/libwinpr/utils/lodepng/lodepng.c 2019-10-28 16:54:17.004827451 +0800
@@ -838,11 +838,15 @@ unsigned lodepng_huffman_code_lengths(un
static unsigned HuffmanTree_makeFromFrequencies(HuffmanTree* tree, const unsigned* frequencies,
size_t mincodes, size_t numcodes, unsigned maxbitlen)
{
+ unsigned* lengths;
unsigned error = 0;
while(!frequencies[numcodes - 1] && numcodes > mincodes) numcodes--; /*trim zeroes*/
tree->maxbitlen = maxbitlen;
tree->numcodes = (unsigned)numcodes; /*number of symbols*/
- tree->lengths = (unsigned*)realloc(tree->lengths, numcodes * sizeof(unsigned));
+ lengths = (unsigned*)realloc(tree->lengths, numcodes * sizeof(unsigned));
+ if (!lengths)
+ free(tree->lengths);
+ tree->lengths = lengths;
if(!tree->lengths) return 83; /*alloc fail*/
/*initialize all lengths to 0*/
memset(tree->lengths, 0, numcodes * sizeof(unsigned));
