Small fixes from static analysis:

- Potential NULL dereference in tsmf_ifman.c
- Check return value for our functions in tsmf_media.c and rdp.c
- Bad binary operator used in gcc.c
- Unreachable code in ntlm.c
- Bad free operation on SCOPE_LIST object in license.c
This commit is contained in:
Julien Ropé 2012-05-16 15:29:35 +02:00
parent ffbbc13496
commit 80f16c6201
6 changed files with 21 additions and 19 deletions

View File

@ -128,6 +128,7 @@ int tsmf_ifman_on_new_presentation(TSMF_IFMAN* ifman)
presentation = tsmf_presentation_new(stream_get_tail(ifman->input), ifman->channel_callback);
if (presentation == NULL)
error = 1;
else
tsmf_presentation_set_audio_device(presentation, ifman->audio_name, ifman->audio_device);
ifman->output_pending = true;
return error;
@ -389,9 +390,12 @@ int tsmf_ifman_on_end_of_stream(TSMF_IFMAN* ifman)
presentation = tsmf_presentation_find_by_id(stream_get_tail(ifman->input));
stream_seek(ifman->input, 16);
stream_read_uint32(ifman->input, StreamId);
if (presentation)
{
stream = tsmf_stream_find_by_id(presentation, StreamId);
if (stream)
tsmf_stream_end(stream);
}
DEBUG_DVC("StreamId %d", StreamId);
stream_check_size(ifman->output, 16);

View File

@ -448,6 +448,7 @@ static void tsmf_sample_playback(TSMF_SAMPLE* sample)
sample->pixfmt = pixfmt;
}
ret = false ;
if (stream->decoder->GetDecodedDimension)
ret = stream->decoder->GetDecodedDimension(stream->decoder, &width, &height);
if (ret && (width != stream->width || height != stream->height))

View File

@ -1131,7 +1131,7 @@ boolean gcc_read_client_cluster_data(STREAM* s, rdpSettings* settings, uint16 bl
stream_read_uint32(s, flags); /* flags */
if ((flags | REDIRECTED_SESSIONID_FIELD_VALID))
if ((flags & REDIRECTED_SESSIONID_FIELD_VALID))
stream_read_uint32(s, settings->redirected_session_id); /* redirectedSessionID */
return true;

View File

@ -579,11 +579,19 @@ void license_free_scope_list(SCOPE_LIST* scopeList)
{
uint32 i;
/*
* We must NOT call license_free_binary_blob() on each scopelist->array[i] element,
* because scopelist->array was allocated at once, by a single call to xmalloc. The elements
* it contains cannot be deallocated separately then.
* To make things clean, we must deallocate each scopelist->array[].data,
* and finish by deallocating scopelist->array with a single call to xfree().
*/
for (i = 0; i < scopeList->count; i++)
{
license_free_binary_blob(&scopeList->array[i]);
xfree(scopeList->array[i].data);
}
xfree(scopeList->array) ;
xfree(scopeList);
}

View File

@ -224,7 +224,8 @@ boolean rdp_read_header(rdpRdp* rdp, STREAM* s, uint16* length, uint16* channel_
enum DomainMCSPDU MCSPDU;
MCSPDU = (rdp->settings->server_mode) ? DomainMCSPDU_SendDataRequest : DomainMCSPDU_SendDataIndication;
mcs_read_domain_mcspdu_header(s, &MCSPDU, length);
if (!mcs_read_domain_mcspdu_header(s, &MCSPDU, length))
return false ;
if (*length - 8 > stream_get_left(s))
return false;

View File

@ -296,9 +296,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
{
context->state = NTLM_STATE_NEGOTIATE;
if (!context)
return SEC_E_INVALID_HANDLE;
if (!pInput)
return SEC_E_INVALID_TOKEN;
@ -338,9 +335,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
}
else if (context->state == NTLM_STATE_AUTHENTICATE)
{
if (!context)
return SEC_E_INVALID_HANDLE;
if (!pInput)
return SEC_E_INVALID_TOKEN;
@ -436,12 +430,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(PCredHandle phCredenti
}
else
{
if (!context)
return SEC_E_INVALID_HANDLE;
if (!pInput)
return SEC_E_INVALID_TOKEN;
if (pInput->cBuffers < 1)
return SEC_E_INVALID_TOKEN;