Fix various memory leaks reported by Coverity
Covscan report contains various memory leak defects which were marked as important. I have spent some time analyzing them and although they were marked as important, most of them are in error cases, so probably nothing serious. Let's fix most of them anyway. The rest are false positives, or too complicated to fix, or already fixed in master, or simply I am unsure about them. Relates: https://github.com/FreeRDP/FreeRDP/issues/6981
This commit is contained in:
parent
ac25baa5ee
commit
892cbe3261
@ -109,7 +109,10 @@ static BOOL printer_write_setting(const char* path, prn_conf_t type, const void*
|
|||||||
char* abs = GetCombinedPath(path, name);
|
char* abs = GetCombinedPath(path, name);
|
||||||
|
|
||||||
if (!abs || (length > INT32_MAX))
|
if (!abs || (length > INT32_MAX))
|
||||||
|
{
|
||||||
|
free(abs);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
file = CreateFileA(abs, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
|
file = CreateFileA(abs, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
free(abs);
|
free(abs);
|
||||||
|
@ -327,7 +327,10 @@ BOOL VCAPITYPE VirtualChannelEntryEx(PCHANNEL_ENTRY_POINTS pEntryPoints, PVOID p
|
|||||||
plugin->channelEntryPoints = *pEntryPointsEx;
|
plugin->channelEntryPoints = *pEntryPointsEx;
|
||||||
|
|
||||||
if (init_external_addin(plugin) < 0)
|
if (init_external_addin(plugin) < 0)
|
||||||
|
{
|
||||||
|
free(plugin);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
strncpy(channelDef.name, RDP2TCP_CHAN_NAME, sizeof(channelDef.name));
|
strncpy(channelDef.name, RDP2TCP_CHAN_NAME, sizeof(channelDef.name));
|
||||||
channelDef.options =
|
channelDef.options =
|
||||||
|
@ -477,6 +477,7 @@ static UINT smartcard_process_irp(SMARTCARD_DEVICE* smartcard, IRP* irp)
|
|||||||
{
|
{
|
||||||
if ((status = smartcard_irp_device_control_call(smartcard, operation)))
|
if ((status = smartcard_irp_device_control_call(smartcard, operation)))
|
||||||
{
|
{
|
||||||
|
free(operation);
|
||||||
WLog_ERR(TAG, "smartcard_irp_device_control_call failed with error %" PRId32 "!",
|
WLog_ERR(TAG, "smartcard_irp_device_control_call failed with error %" PRId32 "!",
|
||||||
status);
|
status);
|
||||||
return (UINT32)status;
|
return (UINT32)status;
|
||||||
|
@ -516,7 +516,10 @@ static DWORD filter_device_by_name_w(wLinkedList* list, LPWSTR* mszReaders, DWOR
|
|||||||
|
|
||||||
/* When res==0, readers may have been set to NULL by ConvertFromUnicode */
|
/* When res==0, readers may have been set to NULL by ConvertFromUnicode */
|
||||||
if ((res < 0) || ((DWORD)res != cchReaders) || (readers == 0))
|
if ((res < 0) || ((DWORD)res != cchReaders) || (readers == 0))
|
||||||
|
{
|
||||||
|
free(readers);
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
free(*mszReaders);
|
free(*mszReaders);
|
||||||
*mszReaders = NULL;
|
*mszReaders = NULL;
|
||||||
|
@ -406,7 +406,9 @@ static char* smartcard_msz_dump_w(const WCHAR* msz, size_t len, char* buffer, si
|
|||||||
{
|
{
|
||||||
char* sz = NULL;
|
char* sz = NULL;
|
||||||
ConvertFromUnicode(CP_UTF8, 0, msz, (int)len, &sz, 0, NULL, NULL);
|
ConvertFromUnicode(CP_UTF8, 0, msz, (int)len, &sz, 0, NULL, NULL);
|
||||||
return smartcard_msz_dump_a(sz, len, buffer, bufferLen);
|
smartcard_msz_dump_a(sz, len, buffer, bufferLen);
|
||||||
|
free(sz);
|
||||||
|
return buffer;
|
||||||
}
|
}
|
||||||
|
|
||||||
static char* smartcard_array_dump(const void* pd, size_t len, char* buffer, size_t bufferLen)
|
static char* smartcard_array_dump(const void* pd, size_t len, char* buffer, size_t bufferLen)
|
||||||
|
@ -552,7 +552,10 @@ static UINT urb_select_interface(IUDEVICE* pdev, URBDRC_CHANNEL_CALLBACK* callba
|
|||||||
MsInterface = msusb_msinterface_read(s);
|
MsInterface = msusb_msinterface_read(s);
|
||||||
|
|
||||||
if ((Stream_GetRemainingLength(s) < 4) || !MsInterface)
|
if ((Stream_GetRemainingLength(s) < 4) || !MsInterface)
|
||||||
|
{
|
||||||
|
msusb_msinterface_free(MsInterface);
|
||||||
return ERROR_INVALID_DATA;
|
return ERROR_INVALID_DATA;
|
||||||
|
}
|
||||||
|
|
||||||
Stream_Read_UINT32(s, OutputBufferSize);
|
Stream_Read_UINT32(s, OutputBufferSize);
|
||||||
pdev->select_interface(pdev, MsInterface->InterfaceNumber, MsInterface->AlternateSetting);
|
pdev->select_interface(pdev, MsInterface->InterfaceNumber, MsInterface->AlternateSetting);
|
||||||
|
@ -108,7 +108,7 @@ static MSUSB_INTERFACE_DESCRIPTOR* msusb_msinterface_new()
|
|||||||
return (MSUSB_INTERFACE_DESCRIPTOR*)calloc(1, sizeof(MSUSB_INTERFACE_DESCRIPTOR));
|
return (MSUSB_INTERFACE_DESCRIPTOR*)calloc(1, sizeof(MSUSB_INTERFACE_DESCRIPTOR));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void msusb_msinterface_free(MSUSB_INTERFACE_DESCRIPTOR* MsInterface)
|
void msusb_msinterface_free(MSUSB_INTERFACE_DESCRIPTOR* MsInterface)
|
||||||
{
|
{
|
||||||
if (MsInterface)
|
if (MsInterface)
|
||||||
{
|
{
|
||||||
|
@ -82,6 +82,7 @@ extern "C"
|
|||||||
MSUSB_INTERFACE_DESCRIPTOR* NewMsInterface);
|
MSUSB_INTERFACE_DESCRIPTOR* NewMsInterface);
|
||||||
FREERDP_API MSUSB_INTERFACE_DESCRIPTOR* msusb_msinterface_read(wStream* out);
|
FREERDP_API MSUSB_INTERFACE_DESCRIPTOR* msusb_msinterface_read(wStream* out);
|
||||||
FREERDP_API BOOL msusb_msinterface_write(MSUSB_INTERFACE_DESCRIPTOR* MsInterface, wStream* out);
|
FREERDP_API BOOL msusb_msinterface_write(MSUSB_INTERFACE_DESCRIPTOR* MsInterface, wStream* out);
|
||||||
|
FREERDP_API void msusb_msinterface_free(MSUSB_INTERFACE_DESCRIPTOR* MsInterface);
|
||||||
|
|
||||||
/* MSUSB_CONFIG exported functions */
|
/* MSUSB_CONFIG exported functions */
|
||||||
FREERDP_API MSUSB_CONFIG_DESCRIPTOR* msusb_msconfig_new(void);
|
FREERDP_API MSUSB_CONFIG_DESCRIPTOR* msusb_msconfig_new(void);
|
||||||
|
@ -649,7 +649,10 @@ wlf_cliprdr_server_format_data_request(CliprdrClientContext* context,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (rc != CHANNEL_RC_OK)
|
if (rc != CHANNEL_RC_OK)
|
||||||
|
{
|
||||||
|
free(data);
|
||||||
return rc;
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
rc = wlf_cliprdr_send_data_response(clipboard, data, size);
|
rc = wlf_cliprdr_send_data_response(clipboard, data, size);
|
||||||
free(data);
|
free(data);
|
||||||
|
@ -1119,7 +1119,10 @@ xfAppWindow* xf_AppWindowFromX11Window(xfContext* xfc, Window wnd)
|
|||||||
appWindow = xf_rail_get_window(xfc, *(UINT64*)pKeys[index]);
|
appWindow = xf_rail_get_window(xfc, *(UINT64*)pKeys[index]);
|
||||||
|
|
||||||
if (!appWindow)
|
if (!appWindow)
|
||||||
|
{
|
||||||
|
free(pKeys);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
if (appWindow->handle == wnd)
|
if (appWindow->handle == wnd)
|
||||||
{
|
{
|
||||||
|
@ -400,7 +400,7 @@ static BOOL freerdp_assistance_parse_connection_string2(rdpAssistanceFile* file)
|
|||||||
{
|
{
|
||||||
WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 invalid field "
|
WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 invalid field "
|
||||||
"order for ID");
|
"order for ID");
|
||||||
return -1;
|
goto out_fail;
|
||||||
}
|
}
|
||||||
length = q - p;
|
length = q - p;
|
||||||
free(file->RASessionId);
|
free(file->RASessionId);
|
||||||
|
@ -121,6 +121,7 @@ BOOL rpc_ncacn_http_recv_in_channel_response(RpcChannel* inChannel, HttpResponse
|
|||||||
if (ntlmTokenData && ntlmTokenLength)
|
if (ntlmTokenData && ntlmTokenLength)
|
||||||
return ntlm_client_set_input_buffer(ntlm, FALSE, ntlmTokenData, ntlmTokenLength);
|
return ntlm_client_set_input_buffer(ntlm, FALSE, ntlmTokenData, ntlmTokenLength);
|
||||||
|
|
||||||
|
free(ntlmTokenData);
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -274,5 +275,6 @@ BOOL rpc_ncacn_http_recv_out_channel_response(RpcChannel* outChannel, HttpRespon
|
|||||||
if (ntlmTokenData && ntlmTokenLength)
|
if (ntlmTokenData && ntlmTokenLength)
|
||||||
return ntlm_client_set_input_buffer(ntlm, FALSE, ntlmTokenData, ntlmTokenLength);
|
return ntlm_client_set_input_buffer(ntlm, FALSE, ntlmTokenData, ntlmTokenLength);
|
||||||
|
|
||||||
|
free(ntlmTokenData);
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
@ -350,7 +350,10 @@ static BOOL rdg_write_chunked(BIO* bio, wStream* sPacket)
|
|||||||
len = Stream_Length(sChunk);
|
len = Stream_Length(sChunk);
|
||||||
|
|
||||||
if (len > INT_MAX)
|
if (len > INT_MAX)
|
||||||
|
{
|
||||||
|
Stream_Free(sChunk, TRUE);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
status = BIO_write(bio, Stream_Buffer(sChunk), (int)len);
|
status = BIO_write(bio, Stream_Buffer(sChunk), (int)len);
|
||||||
Stream_Free(sChunk, TRUE);
|
Stream_Free(sChunk, TRUE);
|
||||||
@ -2060,7 +2063,10 @@ static int rdg_write_chunked_data_packet(rdpRdg* rdg, const BYTE* buf, int isize
|
|||||||
len = Stream_Length(sChunk);
|
len = Stream_Length(sChunk);
|
||||||
|
|
||||||
if (len > INT_MAX)
|
if (len > INT_MAX)
|
||||||
|
{
|
||||||
|
Stream_Free(sChunk, TRUE);
|
||||||
return -1;
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
status = tls_write_all(rdg->tlsIn, Stream_Buffer(sChunk), (int)len);
|
status = tls_write_all(rdg->tlsIn, Stream_Buffer(sChunk), (int)len);
|
||||||
Stream_Free(sChunk, TRUE);
|
Stream_Free(sChunk, TRUE);
|
||||||
|
@ -692,7 +692,7 @@ static int rpc_client_nondefault_out_channel_recv(rdpRpc* rpc)
|
|||||||
WLog_ERR(TAG,
|
WLog_ERR(TAG,
|
||||||
"rpc_client_nondefault_out_channel_recv: Unexpected message %08" PRIx32,
|
"rpc_client_nondefault_out_channel_recv: Unexpected message %08" PRIx32,
|
||||||
nextOutChannel->State);
|
nextOutChannel->State);
|
||||||
return -1;
|
status = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
http_response_free(response);
|
http_response_free(response);
|
||||||
|
@ -719,7 +719,7 @@ static BOOL rdp_write_info_packet(rdpRdp* rdp, wStream* s)
|
|||||||
} ptrconv;
|
} ptrconv;
|
||||||
|
|
||||||
if (settings->RedirectionPasswordLength > UINT16_MAX)
|
if (settings->RedirectionPasswordLength > UINT16_MAX)
|
||||||
return FALSE;
|
goto fail;
|
||||||
usedPasswordCookie = TRUE;
|
usedPasswordCookie = TRUE;
|
||||||
|
|
||||||
ptrconv.bp = settings->RedirectionPassword;
|
ptrconv.bp = settings->RedirectionPassword;
|
||||||
|
@ -394,6 +394,8 @@ int rdtk_nine_patch_engine_init(rdtkEngine* engine)
|
|||||||
else
|
else
|
||||||
winpr_image_free(image, TRUE);
|
winpr_image_free(image, TRUE);
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
winpr_image_free(image, TRUE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!engine->textField9patch)
|
if (!engine->textField9patch)
|
||||||
@ -402,6 +404,7 @@ int rdtk_nine_patch_engine_init(rdtkEngine* engine)
|
|||||||
BYTE* data;
|
BYTE* data;
|
||||||
status = -1;
|
status = -1;
|
||||||
size = rdtk_get_embedded_resource_file("textfield_default.9.png", &data);
|
size = rdtk_get_embedded_resource_file("textfield_default.9.png", &data);
|
||||||
|
image = NULL;
|
||||||
|
|
||||||
if (size > 0)
|
if (size > 0)
|
||||||
{
|
{
|
||||||
@ -420,6 +423,8 @@ int rdtk_nine_patch_engine_init(rdtkEngine* engine)
|
|||||||
else
|
else
|
||||||
winpr_image_free(image, TRUE);
|
winpr_image_free(image, TRUE);
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
winpr_image_free(image, TRUE);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -81,9 +81,16 @@ static char* makecert_read_str(BIO* bio, size_t* pOffset)
|
|||||||
new_len = length * 2;
|
new_len = length * 2;
|
||||||
if (new_len == 0)
|
if (new_len == 0)
|
||||||
new_len = 2048;
|
new_len = 2048;
|
||||||
|
|
||||||
|
if (new_len > INT_MAX)
|
||||||
|
{
|
||||||
|
status = -1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
new_str = (char*)realloc(x509_str, new_len);
|
new_str = (char*)realloc(x509_str, new_len);
|
||||||
|
|
||||||
if (!new_str || (new_len > INT_MAX))
|
if (!new_str)
|
||||||
{
|
{
|
||||||
status = -1;
|
status = -1;
|
||||||
break;
|
break;
|
||||||
|
Loading…
Reference in New Issue
Block a user