Small fixes from static analysis:
- Potential NULL dereference in tsmf_ifman.c - Check return value for our functions in tsmf_media.c and rdp.c - Bad binary operator used in gcc.c - Unreachable code in ntlm.c - Bad free operation on SCOPE_LIST object in license.c
This commit is contained in:
parent
ffbbc13496
commit
80f16c6201
@ -128,6 +128,7 @@ int tsmf_ifman_on_new_presentation(TSMF_IFMAN* ifman)
|
||||
presentation = tsmf_presentation_new(stream_get_tail(ifman->input), ifman->channel_callback);
|
||||
if (presentation == NULL)
|
||||
error = 1;
|
||||
else
|
||||
tsmf_presentation_set_audio_device(presentation, ifman->audio_name, ifman->audio_device);
|
||||
ifman->output_pending = true;
|
||||
return error;
|
||||
@ -389,9 +390,12 @@ int tsmf_ifman_on_end_of_stream(TSMF_IFMAN* ifman)
|
||||
presentation = tsmf_presentation_find_by_id(stream_get_tail(ifman->input));
|
||||
stream_seek(ifman->input, 16);
|
||||
stream_read_uint32(ifman->input, StreamId);
|
||||
if (presentation)
|
||||
{
|
||||
stream = tsmf_stream_find_by_id(presentation, StreamId);
|
||||
if (stream)
|
||||
tsmf_stream_end(stream);
|
||||
|
||||
}
|
||||
DEBUG_DVC("StreamId %d", StreamId);
|
||||
|
||||
stream_check_size(ifman->output, 16);
|
||||
|
@ -448,6 +448,7 @@ static void tsmf_sample_playback(TSMF_SAMPLE* sample)
|
||||
sample->pixfmt = pixfmt;
|
||||
}
|
||||
|
||||
ret = false ;
|
||||
if (stream->decoder->GetDecodedDimension)
|
||||
ret = stream->decoder->GetDecodedDimension(stream->decoder, &width, &height);
|
||||
if (ret && (width != stream->width || height != stream->height))
|
||||
|
@ -1131,7 +1131,7 @@ boolean gcc_read_client_cluster_data(STREAM* s, rdpSettings* settings, uint16 bl
|
||||
|
||||
stream_read_uint32(s, flags); /* flags */
|
||||
|
||||
if ((flags | REDIRECTED_SESSIONID_FIELD_VALID))
|
||||
if ((flags & REDIRECTED_SESSIONID_FIELD_VALID))
|
||||
stream_read_uint32(s, settings->redirected_session_id); /* redirectedSessionID */
|
||||
|
||||
return true;
|
||||
|
@ -579,11 +579,19 @@ void license_free_scope_list(SCOPE_LIST* scopeList)
|
||||
{
|
||||
uint32 i;
|
||||
|
||||
/*
|
||||
* We must NOT call license_free_binary_blob() on each scopelist->array[i] element,
|
||||
* because scopelist->array was allocated at once, by a single call to xmalloc. The elements
|
||||
* it contains cannot be deallocated separately then.
|
||||
* To make things clean, we must deallocate each scopelist->array[].data,
|
||||
* and finish by deallocating scopelist->array with a single call to xfree().
|
||||
*/
|
||||
for (i = 0; i < scopeList->count; i++)
|
||||
{
|
||||
license_free_binary_blob(&scopeList->array[i]);
|
||||
xfree(scopeList->array[i].data);
|
||||
}
|
||||
|
||||
xfree(scopeList->array) ;
|
||||
xfree(scopeList);
|
||||
}
|
||||
|
||||
|
@ -224,7 +224,8 @@ boolean rdp_read_header(rdpRdp* rdp, STREAM* s, uint16* length, uint16* channel_
|
||||
enum DomainMCSPDU MCSPDU;
|
||||
|
||||
MCSPDU = (rdp->settings->server_mode) ? DomainMCSPDU_SendDataRequest : DomainMCSPDU_SendDataIndication;
|
||||
mcs_read_domain_mcspdu_header(s, &MCSPDU, length);
|
||||
if (!mcs_read_domain_mcspdu_header(s, &MCSPDU, length))
|
||||
return false ;
|
||||
|
||||
if (*length - 8 > stream_get_left(s))
|
||||
return false;
|
||||
|
@ -296,9 +296,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
|
||||
{
|
||||
context->state = NTLM_STATE_NEGOTIATE;
|
||||
|
||||
if (!context)
|
||||
return SEC_E_INVALID_HANDLE;
|
||||
|
||||
if (!pInput)
|
||||
return SEC_E_INVALID_TOKEN;
|
||||
|
||||
@ -338,9 +335,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
|
||||
}
|
||||
else if (context->state == NTLM_STATE_AUTHENTICATE)
|
||||
{
|
||||
if (!context)
|
||||
return SEC_E_INVALID_HANDLE;
|
||||
|
||||
if (!pInput)
|
||||
return SEC_E_INVALID_TOKEN;
|
||||
|
||||
@ -436,12 +430,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(PCredHandle phCredenti
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!context)
|
||||
return SEC_E_INVALID_HANDLE;
|
||||
|
||||
if (!pInput)
|
||||
return SEC_E_INVALID_TOKEN;
|
||||
|
||||
if (pInput->cBuffers < 1)
|
||||
return SEC_E_INVALID_TOKEN;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user