Merge pull request #437 from FluidSynth/null-fixes

NULL derefs and mem leaks in soundfont loader
Tom M 2018-10-06 11:55:11 +02:00 committed by GitHub
commit b768ad6d14
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 56 additions and 10 deletions


@ -982,7 +982,11 @@ static int load_phdr(SFData *sf, int size)
for(; i > 0; i--) for(; i > 0; i--)
{ {
/* load all preset headers */ /* load all preset headers */
preset = FLUID_NEW(SFPreset); if((preset = FLUID_NEW(SFPreset)) == NULL)
{
FLUID_LOG(FLUID_ERR, "Out of memory");
return FALSE;
}
sf->preset = fluid_list_append(sf->preset, preset); sf->preset = fluid_list_append(sf->preset, preset);
preset->zone = NULL; /* In case of failure, fluid_sffile_close can cleanup */ preset->zone = NULL; /* In case of failure, fluid_sffile_close can cleanup */
READSTR(sf, &preset->name); /* possible read failure ^ */ READSTR(sf, &preset->name); /* possible read failure ^ */
@ -1069,7 +1073,11 @@ static int load_pbag(SFData *sf, int size)
return FALSE; return FALSE;
} }
z = FLUID_NEW(SFZone); if((z = FLUID_NEW(SFZone)) == NULL)
{
FLUID_LOG(FLUID_ERR, "Out of memory");
return FALSE;
}
p2->data = z; p2->data = z;
z->gen = NULL; /* Init gen and mod before possible failure, */ z->gen = NULL; /* Init gen and mod before possible failure, */
z->mod = NULL; /* to ensure proper cleanup (fluid_sffile_close) */ z->mod = NULL; /* to ensure proper cleanup (fluid_sffile_close) */
@ -1198,7 +1206,11 @@ static int load_pmod(SFData *sf, int size)
return FALSE; return FALSE;
} }
m = FLUID_NEW(SFMod); if((m = FLUID_NEW(SFMod)) == NULL)
{
FLUID_LOG(FLUID_ERR, "Out of memory");
return FALSE;
}
p3->data = m; p3->data = m;
READW(sf, m->src); READW(sf, m->src);
READW(sf, m->dest); READW(sf, m->dest);
@ -1350,7 +1362,11 @@ static int load_pgen(SFData *sf, int size)
if(!dup) if(!dup)
{ {
/* if gen ! dup alloc new */ /* if gen ! dup alloc new */
g = FLUID_NEW(SFGen); if((g = FLUID_NEW(SFGen)) == NULL)
{
FLUID_LOG(FLUID_ERR, "Out of memory");
return FALSE;
}
p3->data = g; p3->data = g;
g->id = genid; g->id = genid;
} }
@ -1487,7 +1503,11 @@ static int load_ihdr(SFData *sf, int size)
for(i = 0; i < size; i++) for(i = 0; i < size; i++)
{ {
/* load all instrument headers */ /* load all instrument headers */
p = FLUID_NEW(SFInst); if((p = FLUID_NEW(SFInst)) == NULL)
{
FLUID_LOG(FLUID_ERR, "Out of memory");
return FALSE;
}
sf->inst = fluid_list_append(sf->inst, p); sf->inst = fluid_list_append(sf->inst, p);
p->zone = NULL; /* For proper cleanup if fail (fluid_sffile_close) */ p->zone = NULL; /* For proper cleanup if fail (fluid_sffile_close) */
p->idx = i; p->idx = i;
@ -1568,7 +1588,11 @@ static int load_ibag(SFData *sf, int size)
return FALSE; return FALSE;
} }
z = FLUID_NEW(SFZone); if((z = FLUID_NEW(SFZone)) == NULL)
{
FLUID_LOG(FLUID_ERR, "Out of memory");
return FALSE;
}
p2->data = z; p2->data = z;
z->gen = NULL; /* In case of failure, */ z->gen = NULL; /* In case of failure, */
z->mod = NULL; /* fluid_sffile_close can clean up */ z->mod = NULL; /* fluid_sffile_close can clean up */
@ -1698,7 +1722,11 @@ static int load_imod(SFData *sf, int size)
return FALSE; return FALSE;
} }
m = FLUID_NEW(SFMod); if((m = FLUID_NEW(SFMod)) == NULL)
{
FLUID_LOG(FLUID_ERR, "Out of memory");
return FALSE;
}
p3->data = m; p3->data = m;
READW(sf, m->src); READW(sf, m->src);
READW(sf, m->dest); READW(sf, m->dest);
@ -1839,7 +1867,11 @@ static int load_igen(SFData *sf, int size)
if(!dup) if(!dup)
{ {
/* if gen ! dup alloc new */ /* if gen ! dup alloc new */
g = FLUID_NEW(SFGen); if((g = FLUID_NEW(SFGen)) == NULL)
{
FLUID_LOG(FLUID_ERR, "Out of memory");
return FALSE;
}
p3->data = g; p3->data = g;
g->id = genid; g->id = genid;
} }
@ -1974,7 +2006,11 @@ static int load_shdr(SFData *sf, unsigned int size)
/* load all sample headers */ /* load all sample headers */
for(i = 0; i < size; i++) for(i = 0; i < size; i++)
{ {
p = FLUID_NEW(SFSample); if((p = FLUID_NEW(SFSample)) == NULL)
{
FLUID_LOG(FLUID_ERR, "Out of memory");
return FALSE;
}
sf->sample = fluid_list_append(sf->sample, p); sf->sample = fluid_list_append(sf->sample, p);
READSTR(sf, &p->name); READSTR(sf, &p->name);
READD(sf, p->start); READD(sf, p->start);
@ -2102,6 +2138,8 @@ static void delete_preset(SFPreset *preset)
} }
delete_fluid_list(preset->zone); delete_fluid_list(preset->zone);
FLUID_FREE(preset);
} }
static void delete_inst(SFInst *inst) static void delete_inst(SFInst *inst)
@ -2124,6 +2162,8 @@ static void delete_inst(SFInst *inst)
} }
delete_fluid_list(inst->zone); delete_fluid_list(inst->zone);
FLUID_FREE(inst);
} }
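Review bot: The early `return FALSE` added in load_pbag, load_pmod, load_pgen and their instrument counterparts (load_ibag, load_imod, load_igen) leaves the current list node's `data` unassigned, because the return happens before `p2->data = z;`, `p3->data = m;` or `p3->data = g;`. The surrounding comments say fluid_sffile_close does the cleanup, so the teardown routines must tolerate entries whose `data` is still NULL; otherwise the out-of-memory path only moves the NULL dereference from the loader into cleanup. The delete_zone code and the creation of these list nodes are outside the visible hunks, so this is to be confirmed rather than a proven defect. If the guard is missing, add `if(zone == NULL) { return; }` at the top of the zone destructor, and a comment at each new return such as `/* node data stays NULL; fluid_sffile_close must skip it */`. The record counts driving these loops come from the SoundFont file, so allocation failure is reachable from a crafted file and the error path deserves the same care as the success path.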


@ -415,7 +415,13 @@ new_fluid_hashtable_full(fluid_hash_func_t hash_func,
hashtable->key_destroy_func = key_destroy_func; hashtable->key_destroy_func = key_destroy_func;
hashtable->value_destroy_func = value_destroy_func; hashtable->value_destroy_func = value_destroy_func;
hashtable->nodes = FLUID_ARRAY(fluid_hashnode_t *, hashtable->size); hashtable->nodes = FLUID_ARRAY(fluid_hashnode_t *, hashtable->size);
FLUID_MEMSET(hashtable->nodes, 0, hashtable->size * sizeof(fluid_hashnode_t *)); if(hashtable->nodes == NULL)
{
delete_fluid_hashtable(hashtable);
FLUID_LOG(FLUID_ERR, "Out of memory");
return NULL;
}
FLUID_MEMSET(hashtable->nodes, 0, hashtable->size * sizeof(*hashtable->nodes));
return hashtable; return hashtable;
} }
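Review bot: The new failure branch in new_fluid_hashtable_full calls `delete_fluid_hashtable(hashtable);` on a table whose `nodes` pointer is NULL while `hashtable->size` is already non-zero. delete_fluid_hashtable is not shown here; if it clears the table by walking `hashtable->nodes[i]` for `i < hashtable->size`, this branch dereferences NULL on the very path meant to handle the allocation failure. Either confirm that the destructor guards against `nodes == NULL`, or release the half-built object directly with `FLUID_FREE(hashtable);` before returning NULL. That second option assumes nothing else was acquired earlier in the function, which starts outside the hunk. A short comment such as `/* nodes is NULL here: destructor must not iterate the bucket array */` would make the requirement visible to later maintainers.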