|
 |
a2d0f5 |
From a034f8a50cbe15d250457ed2eefbf9db059f724f Mon Sep 17 00:00:00 2001
|
|
|
a2d0f5 |
From: Eugene Syromyatnikov <evgsyr@gmail.com>
|
|
|
a2d0f5 |
Date: Wed, 18 Aug 2021 21:48:38 +0200
|
|
|
a2d0f5 |
Subject: [PATCH 147/150] filter_qualify: free allocated data on the error path
|
|
|
a2d0f5 |
exit of parse_poke_token
|
|
|
a2d0f5 |
|
|
|
a2d0f5 |
While not terribly required due to the fact that issues with option
|
|
|
a2d0f5 |
parsing lead to program termination, these changes avoid leaking data
|
|
|
a2d0f5 |
allocated in the function's scope and not stored elsewhere, which might
|
|
|
a2d0f5 |
come handy if it ever be used dynamically during the runtime.
|
|
|
a2d0f5 |
|
|
|
a2d0f5 |
This also has been reported as resource leaks by covscan, and these
|
|
|
a2d0f5 |
changes should calm it.
|
|
|
a2d0f5 |
|
|
|
a2d0f5 |
* src/filter_qualify.c (parse_poke_token): Go to err label instead of
|
|
|
a2d0f5 |
returning right away; free poke->data, poke, and str_tokenized before
|
|
|
a2d0f5 |
returning false.
|
|
|
a2d0f5 |
|
|
|
a2d0f5 |
References: https://bugzilla.redhat.com/show_bug.cgi?id=1995509
|
|
|
a2d0f5 |
---
|
|
|
a2d0f5 |
src/filter_qualify.c | 18 ++++++++++++------
|
|
|
a2d0f5 |
1 file changed, 12 insertions(+), 6 deletions(-)
|
|
|
a2d0f5 |
|
|
|
a2d0f5 |
diff --git a/src/filter_qualify.c b/src/filter_qualify.c
|
|
|
a2d0f5 |
index df05496..a1a6471 100644
|
|
|
a2d0f5 |
--- a/src/filter_qualify.c
|
|
|
a2d0f5 |
+++ b/src/filter_qualify.c
|
|
|
a2d0f5 |
@@ -169,34 +169,40 @@ parse_poke_token(const char *input, struct inject_opts *fopts, bool isenter)
|
|
|
a2d0f5 |
poke->is_enter = isenter;
|
|
|
a2d0f5 |
|
|
|
a2d0f5 |
if ((val = STR_STRIP_PREFIX(token, "@arg")) == token)
|
|
|
a2d0f5 |
- return false;
|
|
|
a2d0f5 |
+ goto err;
|
|
|
a2d0f5 |
if ((val[0] >= '1') && (val[0] <= '7')) {
|
|
|
a2d0f5 |
poke->arg_no = val[0] - '0';
|
|
|
a2d0f5 |
} else {
|
|
|
a2d0f5 |
- return false;
|
|
|
a2d0f5 |
+ goto err;
|
|
|
a2d0f5 |
}
|
|
|
a2d0f5 |
if (val[1] != '=')
|
|
|
a2d0f5 |
- return false;
|
|
|
a2d0f5 |
+ goto err;
|
|
|
a2d0f5 |
val += 2;
|
|
|
a2d0f5 |
|
|
|
a2d0f5 |
data_len = strlen(val);
|
|
|
a2d0f5 |
if ((data_len == 0) || (data_len % 2) || (data_len > 2048))
|
|
|
a2d0f5 |
- return false;
|
|
|
a2d0f5 |
+ goto err;
|
|
|
a2d0f5 |
data_len /= 2;
|
|
|
a2d0f5 |
poke->data_len = data_len;
|
|
|
a2d0f5 |
poke->data = xmalloc(data_len);
|
|
|
a2d0f5 |
|
|
|
a2d0f5 |
for (size_t i = 0; i < data_len; i++)
|
|
|
a2d0f5 |
if (sscanf(&val[2 * i], "%2hhx", &poke->data[i]) != 1)
|
|
|
a2d0f5 |
- return false;
|
|
|
a2d0f5 |
+ goto err;
|
|
|
a2d0f5 |
|
|
|
a2d0f5 |
if (poke_add(fopts->data.poke_idx, poke))
|
|
|
a2d0f5 |
- return false;
|
|
|
a2d0f5 |
+ goto err;
|
|
|
a2d0f5 |
}
|
|
|
a2d0f5 |
free(str_tokenized);
|
|
|
a2d0f5 |
|
|
|
a2d0f5 |
fopts->data.flags |= flag;
|
|
|
a2d0f5 |
return true;
|
|
|
a2d0f5 |
+
|
|
|
a2d0f5 |
+err:
|
|
|
a2d0f5 |
+ free(poke->data);
|
|
|
a2d0f5 |
+ free(poke);
|
|
|
a2d0f5 |
+ free(str_tokenized);
|
|
|
a2d0f5 |
+ return false;
|
|
|
a2d0f5 |
}
|
|
|
a2d0f5 |
|
|
|
a2d0f5 |
static bool
|
|
|
a2d0f5 |
--
|
|
|
a2d0f5 |
2.1.4
|
|
|
a2d0f5 |
|