From b31afd65a5f65b53370fdbdd90182e88fb141a98 Mon Sep 17 00:00:00 2001
From: derselbst
Date: Tue, 2 Oct 2018 19:33:50 +0200
Subject: [PATCH 1/3] fix NULL deref in new_fluid_hashtable_full()
---
 src/utils/fluid_hash.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/utils/fluid_hash.c b/src/utils/fluid_hash.c
index c04c5143..37b0a06a 100644
--- a/src/utils/fluid_hash.c
+++ b/src/utils/fluid_hash.c
@@ -415,7 +415,13 @@ new_fluid_hashtable_full(fluid_hash_func_t hash_func,
 hashtable->key_destroy_func = key_destroy_func;
 hashtable->value_destroy_func = value_destroy_func;
 hashtable->nodes = FLUID_ARRAY(fluid_hashnode_t *, hashtable->size);
- FLUID_MEMSET(hashtable->nodes, 0, hashtable->size * sizeof(fluid_hashnode_t *));
+ if(hashtable->nodes == NULL)
+ {
+ delete_fluid_hashtable(hashtable);
+ FLUID_LOG(FLUID_ERR, "Out of memory");
+ return NULL;
+ }
+ FLUID_MEMSET(hashtable->nodes, 0, hashtable->size * sizeof(*hashtable->nodes));
 return hashtable;
 }
From 7f2d655b9c8a9cb18eccb09bdcaaafe3e1807b64 Mon Sep 17 00:00:00 2001
From: derselbst
Date: Tue, 2 Oct 2018 20:14:56 +0200
Subject: [PATCH 2/3] fix various NULL derefs in fluid_sffile
---
 src/sfloader/fluid_sffile.c | 54 ++++++++++++++++++++++++++++++-------
 1 file changed, 45 insertions(+), 9 deletions(-)
diff --git a/src/sfloader/fluid_sffile.c b/src/sfloader/fluid_sffile.c
index a98d37f3..a047e2ed 100644
--- a/src/sfloader/fluid_sffile.c
+++ b/src/sfloader/fluid_sffile.c
@@ -982,7 +982,11 @@ static int load_phdr(SFData *sf, int size)
 for(; i > 0; i--)
 {
 /* load all preset headers */
- preset = FLUID_NEW(SFPreset);
+ if((preset = FLUID_NEW(SFPreset)) == NULL)
+ {
+ FLUID_LOG(FLUID_ERR, "Out of memory");
+ return FALSE;
+ }
 sf->preset = fluid_list_append(sf->preset, preset);
 preset->zone = NULL; /* In case of failure, fluid_sffile_close can cleanup */
 READSTR(sf, &preset->name); /* possible read failure ^ */
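Review bot: The new failure branch calls `delete_fluid_hashtable(hashtable)` while `hashtable->nodes` is still NULL, and delete_fluid_hashtable is outside this hunk; if its node-removal loop indexes `hashtable->nodes[i]` without first checking the array, the NULL dereference has only moved into the destructor rather than been fixed. Either confirm that the destructor (and whatever it calls to drop nodes) tolerates a NULL `nodes` array, or release the partially built table by hand here, `FLUID_FREE(hashtable); return NULL;` together with any lock or other resource that the part of new_fluid_hashtable_full before this hunk has already created. The sizeof change on the memset line is harmless since that line is no longer reachable with a NULL array. new_fluid_hashtable_full begins before this hunk.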
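Review bot: The allocation is now checked but the `sf->preset = fluid_list_append(sf->preset, preset)` that follows it is not; if fluid_list_append allocates its list node it can fail for the same reason, and because its return value overwrites `sf->preset`, a NULL result would orphan the new preset and lose the list built so far (fluid_list_append is not in this hunk, so check what it actually returns on failure). Appending through a temporary avoids that: `tmp = fluid_list_append(sf->preset, preset); if(tmp == NULL) { FLUID_FREE(preset); return FALSE; } sf->preset = tmp;`. The same append-without-check pattern recurs in load_ihdr and load_shdr. load_phdr's loop setup and the rest of its body lie outside this hunk.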
@@ -1069,7 +1073,11 @@ static int load_pbag(SFData *sf, int size)
 return FALSE;
 }
- z = FLUID_NEW(SFZone);
+ if((z = FLUID_NEW(SFZone)) == NULL)
+ {
+ FLUID_LOG(FLUID_ERR, "Out of memory");
+ return FALSE;
+ }
 p2->data = z;
 z->gen = NULL; /* Init gen and mod before possible failure, */
 z->mod = NULL; /* to ensure proper cleanup (fluid_sffile_close) */
@@ -1198,7 +1206,11 @@ static int load_pmod(SFData *sf, int size)
 return FALSE;
 }
- m = FLUID_NEW(SFMod);
+ if((m = FLUID_NEW(SFMod)) == NULL)
+ {
+ FLUID_LOG(FLUID_ERR, "Out of memory");
+ return FALSE;
+ }
 p3->data = m;
 READW(sf, m->src);
 READW(sf, m->dest);
@@ -1350,7 +1362,11 @@ static int load_pgen(SFData *sf, int size)
 if(!dup)
 {
 /* if gen ! dup alloc new */
- g = FLUID_NEW(SFGen);
+ if((g = FLUID_NEW(SFGen)) == NULL)
+ {
+ FLUID_LOG(FLUID_ERR, "Out of memory");
+ return FALSE;
+ }
 p3->data = g;
 g->id = genid;
 }
@@ -1487,7 +1503,11 @@ static int load_ihdr(SFData *sf, int size)
 for(i = 0; i < size; i++)
 {
 /* load all instrument headers */
- p = FLUID_NEW(SFInst);
+ if((p = FLUID_NEW(SFInst)) == NULL)
+ {
+ FLUID_LOG(FLUID_ERR, "Out of memory");
+ return FALSE;
+ }
 sf->inst = fluid_list_append(sf->inst, p);
 p->zone = NULL; /* For proper cleanup if fail (fluid_sffile_close) */
 p->idx = i;
@@ -1568,7 +1588,11 @@ static int load_ibag(SFData *sf, int size)
 return FALSE;
 }
- z = FLUID_NEW(SFZone);
+ if((z = FLUID_NEW(SFZone)) == NULL)
+ {
+ FLUID_LOG(FLUID_ERR, "Out of memory");
+ return FALSE;
+ }
 p2->data = z;
 z->gen = NULL; /* In case of failure, */
 z->mod = NULL; /* fluid_sffile_close can clean up */
@@ -1698,7 +1722,11 @@ static int load_imod(SFData *sf, int size)
 return FALSE;
 }
- m = FLUID_NEW(SFMod);
+ if((m = FLUID_NEW(SFMod)) == NULL)
+ {
+ FLUID_LOG(FLUID_ERR, "Out of memory");
+ return FALSE;
+ }
 p3->data = m;
 READW(sf, m->src);
 READW(sf, m->dest);
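Review bot: The new `return FALSE` exits with `p2->data` still holding whatever it had before this iteration (apparently NULL, since the zone is only stored on the following line), so fluid_sffile_close must be prepared to meet zone list nodes whose data is NULL. The chunk-size-mismatch return a few lines above already leaves the loader in exactly that state, so this presumably works today, but the dependency is silent; a comment on the new branch such as `/* p2->data is still NULL here; fluid_sffile_close() must skip it */` would make it explicit. The identical check in load_ibag carries the same reliance. load_pbag's enclosing loops start before this hunk.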
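Review bot: The same five-line out-of-memory check is now pasted into eight functions of this file, each logging the context-free "Out of memory"; this is the kind of repetition the file's READW/READSTR macros already hide (the `possible read failure ^` remark in load_phdr shows they return FALSE behind the scenes), so a companion macro would read consistently, e.g. `#define SF_NEW_OR_FAIL(ptr, type) do { if(((ptr) = FLUID_NEW(type)) == NULL) { FLUID_LOG(FLUID_ERR, "Out of memory"); return FALSE; } } while(0)` used as `SF_NEW_OR_FAIL(m, SFMod);`. If FLUID_LOG is printf-style, putting the function name into the message would also make user reports distinguishable between the eight sites. This is a style remark only; the checks themselves are correct. load_pmod's body continues outside this hunk.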
@@ -1839,7 +1867,11 @@ static int load_igen(SFData *sf, int size)
 if(!dup)
 {
 /* if gen ! dup alloc new */
- g = FLUID_NEW(SFGen);
+ if((g = FLUID_NEW(SFGen)) == NULL)
+ {
+ FLUID_LOG(FLUID_ERR, "Out of memory");
+ return FALSE;
+ }
 p3->data = g;
 g->id = genid;
 }
@@ -1974,7 +2006,11 @@ static int load_shdr(SFData *sf, unsigned int size)
 /* load all sample headers */
 for(i = 0; i < size; i++)
 {
- p = FLUID_NEW(SFSample);
+ if((p = FLUID_NEW(SFSample)) == NULL)
+ {
+ FLUID_LOG(FLUID_ERR, "Out of memory");
+ return FALSE;
+ }
 sf->sample = fluid_list_append(sf->sample, p);
 READSTR(sf, &p->name);
 READD(sf, p->start);
From 57ef2dfed83063a3089b4c2aebf70ac169a5299b Mon Sep 17 00:00:00 2001
From: derselbst
Date: Tue, 2 Oct 2018 20:20:22 +0200
Subject: [PATCH 3/3] fix memory leaks in load_phdr() and load_ihdr()
---
 src/sfloader/fluid_sffile.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/sfloader/fluid_sffile.c b/src/sfloader/fluid_sffile.c
index a047e2ed..1f823ba1 100644
--- a/src/sfloader/fluid_sffile.c
+++ b/src/sfloader/fluid_sffile.c
@@ -2138,6 +2138,8 @@ static void delete_preset(SFPreset *preset)
 }
 delete_fluid_list(preset->zone);
+
+ FLUID_FREE(preset);
 }
 static void delete_inst(SFInst *inst)
@@ -2160,6 +2162,8 @@ static void delete_inst(SFInst *inst)
 }
 delete_fluid_list(inst->zone);
+
+ FLUID_FREE(inst);
 }
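Review bot: Unlike load_phdr and load_ihdr, which set `->zone = NULL` "in case of failure" before their first READ, the new sample header is appended to `sf->sample` and handed to READSTR with none of its members initialised; FLUID_NEW presumably does not zero memory, so if READSTR or one of the READD calls fails, the sample sits on the list with indeterminate fields, and any cleanup that frees or follows a pointer member of SFSample (delete_sample is outside this hunk) would operate on garbage. If SFSample owns any pointer, set it to NULL right after the allocation as the other loaders do; if it owns none, a comment saying so next to the append would spare the next reader the question. The result of `fluid_list_append` on the next line is likewise unchecked. load_shdr's loop body continues past this hunk.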
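Review bot: Adding `FLUID_FREE(preset)` turns delete_preset from "release the preset's zones" into "destroy the preset", and nothing in the hunk records that change of contract: any caller that still frees the list element itself after calling delete_preset would now double free (none apparently did, given the leak being fixed, but the callers are outside this hunk), and the list node that pointed at it is left dangling until delete_fluid_list runs on the owning list. A line in the function's header comment, `/* Frees the zones and the preset itself; the pointer is invalid afterwards */`, would document the ownership for callers. The same applies to delete_inst in the next hunk. delete_preset's head is outside this hunk.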