+4110. [bug] Address memory leaks / null pointer dereferences
+ on out of memory. [RT #39310]
+
4109. [port] linux: support reading the local port range from
net.ipv4.ip_local_port_range. [RT # 39379]
if (lookold->ecs_addr != NULL) {
size_t len = sizeof(isc_sockaddr_t);
looknew->ecs_addr = isc_mem_allocate(mctx, len);
+ if (looknew->ecs_addr == NULL)
+ fatal("out of memory");
memmove(looknew->ecs_addr, lookold->ecs_addr, len);
}
}
sa = isc_mem_allocate(mctx, sizeof(*sa));
+ if (sa == NULL)
+ fatal("out of memory");
if (inet_pton(AF_INET6, value, &in6) == 1) {
isc_sockaddr_fromin6(sa, &in6, 0);
parsed = ISC_TRUE;
}
if (dscpsp != NULL) {
- dscps = isc_mem_get(mctx, count * sizeof(isc_dscp_t));
- if (dscps == NULL)
- return (ISC_R_NOMEMORY);
-
dscpobj = cfg_tuple_get(list, "dscp");
if (dscpobj != NULL && cfg_obj_isuint32(dscpobj)) {
if (cfg_obj_asuint32(dscpobj) > 63) {
}
dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
}
+
+ dscps = isc_mem_get(mctx, count * sizeof(isc_dscp_t));
+ if (dscps == NULL)
+ return (ISC_R_NOMEMORY);
}
addrs = isc_mem_get(mctx, count * sizeof(isc_sockaddr_t));
- if (addrs == NULL)
+ if (addrs == NULL) {
+ if (dscps != NULL)
+ isc_mem_put(mctx, dscps, count * sizeof(isc_dscp_t));
return (ISC_R_NOMEMORY);
+ }
for (element = cfg_list_first(addrlist);
element != NULL;
cfg_obj_log(dscpobj, ns_g_lctx, ISC_LOG_ERROR,
"dscp value '%u' is out of range",
cfg_obj_asuint32(dscpobj));
- return (ISC_R_RANGE);
+ result = ISC_R_RANGE;
+ goto cleanup;
}
dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
}
dns_fixedname_init(&forigin);
origin = dns_fixedname_name(&forigin);
result = dns_name_fromtext(origin, &source, dns_rootname, 0, NULL);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS) {
+ isc_mem_put(mctx, dbi, sizeof(*dbi));
return (result);
+ }
result = dns_db_create(mctx, dbtype, origin,
cache ? dns_dbtype_cache : dns_dbtype_zone,
isc_task_shutdown(task);
}
- isc_mem_put(mctx, dev->region.base, dev->region.length);
+ if (dev->region.base != NULL)
+ isc_mem_put(mctx, dev->region.base, dev->region.length);
isc_event_free(&event);
}
if (dev->result != ISC_R_SUCCESS) {
isc_socket_detach(&sock);
- isc_mem_put(mctx, dev->region.base,
- dev->region.length);
+ if (dev->region.base != NULL)
+ isc_mem_put(mctx, dev->region.base, dev->region.length);
isc_event_free(&event);
isc_task_shutdown(task);
sprintf(buf, "\r\nReceived: %.*s\r\n\r\n",
(int)dev->n, (char *)region.base);
region.base = isc_mem_get(mctx, strlen(buf) + 1);
- region.length = strlen(buf) + 1;
- strcpy((char *)region.base, buf); /* strcpy is safe */
+ if (region.base != NULL) {
+ region.length = strlen(buf) + 1;
+ strcpy((char *)region.base, buf); /* strcpy is safe */
+ } else
+ region.length = 0;
isc_socket_send(sock, ®ion, task, my_send, event->ev_arg);
} else {
region = dev->region;
if (dev->result != ISC_R_SUCCESS) {
isc_socket_detach(&sock);
isc_task_shutdown(task);
+ if (dev->region.base != NULL)
+ isc_mem_put(mctx, dev->region.base, dev->region.length);
isc_event_free(&event);
return;
}
strcpy(buf, "GET / HTTP/1.1\r\nHost: www.flame.org\r\n"
"Connection: Close\r\n\r\n");
region.base = isc_mem_get(mctx, strlen(buf) + 1);
- region.length = strlen(buf) + 1;
- strcpy((char *)region.base, buf); /* This strcpy is safe. */
+ if (region.base != NULL) {
+ region.length = strlen(buf) + 1;
+ strcpy((char *)region.base, buf); /* This strcpy is safe. */
+ } else
+ region.length = 0;
isc_socket_send(sock, ®ion, task, my_http_get, event->ev_arg);
}
sa = isc_mem_allocate(mctx, sizeof(*sa));
+ if (sa == NULL)
+ fatal("out of memory");
if (inet_pton(AF_INET6, value, &in6) == 1) {
isc_sockaddr_fromin6(sa, &in6, 0);
parsed = ISC_TRUE;
* Returns:
*
*\li ISC_R_SUCCESS
+ *\li ISC_R_NOMEMORY
*
*\li Any error that dns_name_totext() can return.
*/
isc_buffer_usedregion(&buf, ®);
p = isc_mem_allocate(mctx, reg.length + 1);
+ if (p == NULL)
+ return (ISC_R_NOMEMORY);
memmove(p, (char *) reg.base, (int) reg.length);
p[reg.length] = '\0';
size_t i;
ctx = isc_mem_get(mctx, sizeof(*ctx));
+ ATF_REQUIRE(ctx != NULL);
ctx->rbt = NULL;
result = dns_rbt_create(mctx, delete_data, NULL, &ctx->rbt);
char namebuf[34];
n = isc_mem_get(mctx, sizeof(size_t));
+ ATF_REQUIRE(n != NULL);
+
*n = i; /* Unused value */
while (1) {
/*%
* Define ISC_MEM_CHECKOVERRUN=1 to turn on checks for using memory outside
* the requested space. This will increase the size of each allocation.
+ *
+ * If we are performing a Coverity static analysis then ISC_MEM_CHECKOVERRUN
+ * can hide bugs that would otherwise discovered so force to zero.
*/
+#ifdef __COVERITY__
+#undef ISC_MEM_CHECKOVERRUN
+#define ISC_MEM_CHECKOVERRUN 0
+#endif
#ifndef ISC_MEM_CHECKOVERRUN
#define ISC_MEM_CHECKOVERRUN 1
#endif
* with the byte string '0xbe'. This helps track down uninitialized pointers
* and the like. On freeing memory, the space is filled with '0xde' for
* the same reasons.
+ *
+ * If we are performing a Coverity static analysis then ISC_MEM_FILL
+ * can hide bugs that would otherwise discovered so force to zero.
*/
+#ifdef __COVERITY__
+#undef ISC_MEM_FILL
+#define ISC_MEM_FILL 0
+#endif
#ifndef ISC_MEM_FILL
#define ISC_MEM_FILL 1
#endif
/* Debug message, not displayed when running via atf-run */
printf("numbits=%u, scount=%d\n", numbits, scount);
- s_obs = fabs(scount) / sqrt(numbits);
+ s_obs = abs(scount) / sqrt(numbits);
p_value = erfc(s_obs / sqrt(2.0));
return (p_value);
ATF_REQUIRE(numbits >= (mbits * numblocks));
pi = isc_mem_get(mctx, numblocks * sizeof(double));
+ ATF_REQUIRE(pi != NULL);
cur_word = 0;
for (i = 0; i < numblocks; i++) {
CHECK(cfg_parse_obj(pctx, nametype, &idobj));
CHECK(cfg_parse_map(pctx, type, &mapobj));
mapobj->value.map.id = idobj;
- idobj = NULL;
*ret = mapobj;
+ return (result);
cleanup:
CLEANUP_OBJ(idobj);
+ CLEANUP_OBJ(mapobj);
return (result);
}