core: fix incorrect usage of realloc.

realloc can handle the case that its first parameter is NULL.

Signed-off-by: Zhang Zhaolong <zhangzl2013@126.com>
This commit is contained in:
Zhang Zhaolong 2015-03-11 13:40:20 +08:00
parent 4205dac57f
commit 99b14815a5
3 changed files with 85 additions and 38 deletions

View File

@ -1314,24 +1314,28 @@ BOOL update_write_line_to_order(wStream* s, ORDER_INFO* orderInfo, LINE_TO_ORDER
BOOL update_read_polyline_order(wStream* s, ORDER_INFO* orderInfo, POLYLINE_ORDER* polyline) BOOL update_read_polyline_order(wStream* s, ORDER_INFO* orderInfo, POLYLINE_ORDER* polyline)
{ {
UINT16 word; UINT16 word;
UINT32 new_num;
ORDER_FIELD_COORD(1, polyline->xStart); ORDER_FIELD_COORD(1, polyline->xStart);
ORDER_FIELD_COORD(2, polyline->yStart); ORDER_FIELD_COORD(2, polyline->yStart);
ORDER_FIELD_BYTE(3, polyline->bRop2); ORDER_FIELD_BYTE(3, polyline->bRop2);
ORDER_FIELD_UINT16(4, word); ORDER_FIELD_UINT16(4, word);
ORDER_FIELD_COLOR(5, polyline->penColor); ORDER_FIELD_COLOR(5, polyline->penColor);
ORDER_FIELD_BYTE(6, polyline->numDeltaEntries); ORDER_FIELD_BYTE(6, new_num);
if (orderInfo->fieldFlags & ORDER_FIELD_07) if (orderInfo->fieldFlags & ORDER_FIELD_07)
{ {
DELTA_POINT *new_points;
if (Stream_GetRemainingLength(s) < 1) if (Stream_GetRemainingLength(s) < 1)
return FALSE; return FALSE;
Stream_Read_UINT8(s, polyline->cbData); Stream_Read_UINT8(s, polyline->cbData);
if (polyline->points == NULL) new_points = (DELTA_POINT*) realloc(polyline->points, sizeof(DELTA_POINT) * new_num);
polyline->points = (DELTA_POINT*) malloc(sizeof(DELTA_POINT) * polyline->numDeltaEntries); if (!new_points)
else return FALSE;
polyline->points = (DELTA_POINT*) realloc(polyline->points, sizeof(DELTA_POINT) * polyline->numDeltaEntries); polyline->points = new_points;
polyline->numDeltaEntries = new_num;
return update_read_delta_points(s, polyline->points, polyline->numDeltaEntries, polyline->xStart, polyline->yStart); return update_read_delta_points(s, polyline->points, polyline->numDeltaEntries, polyline->xStart, polyline->yStart);
} }
@ -1661,6 +1665,7 @@ BOOL update_read_fast_glyph_order(wStream* s, ORDER_INFO* orderInfo, FAST_GLYPH_
if (fastGlyph->cbData > 1) if (fastGlyph->cbData > 1)
{ {
UINT32 new_cb;
/* parse optional glyph data */ /* parse optional glyph data */
glyph->cacheIndex = fastGlyph->data[0]; glyph->cacheIndex = fastGlyph->data[0];
@ -1673,12 +1678,20 @@ BOOL update_read_fast_glyph_order(wStream* s, ORDER_INFO* orderInfo, FAST_GLYPH_
glyph->cb = ((glyph->cx + 7) / 8) * glyph->cy; glyph->cb = ((glyph->cx + 7) / 8) * glyph->cy;
glyph->cb += ((glyph->cb % 4) > 0) ? 4 - (glyph->cb % 4) : 0; glyph->cb += ((glyph->cb % 4) > 0) ? 4 - (glyph->cb % 4) : 0;
if (Stream_GetRemainingLength(s) < glyph->cb) new_cb = ((glyph->cx + 7) / 8) * glyph->cy;
new_cb += ((new_cb % 4) > 0) ? 4 - (new_cb % 4) : 0;
if (Stream_GetRemainingLength(s) < new_cb)
return FALSE; return FALSE;
if (glyph->cb) if (new_cb)
{ {
glyph->aj = (BYTE*) realloc(glyph->aj, glyph->cb); BYTE *new_aj;
new_aj = (BYTE*) realloc(glyph->aj, new_cb);
if (!new_aj)
return FALSE;
glyph->aj = new_aj;
glyph->cb = new_cb;
Stream_Read(s, glyph->aj, glyph->cb); Stream_Read(s, glyph->aj, glyph->cb);
} }
} }
@ -1701,24 +1714,30 @@ BOOL update_write_fast_glyph_order(wStream* s, ORDER_INFO* orderInfo, FAST_GLYPH
BOOL update_read_polygon_sc_order(wStream* s, ORDER_INFO* orderInfo, POLYGON_SC_ORDER* polygon_sc) BOOL update_read_polygon_sc_order(wStream* s, ORDER_INFO* orderInfo, POLYGON_SC_ORDER* polygon_sc)
{ {
UINT32 num;
ORDER_FIELD_COORD(1, polygon_sc->xStart); ORDER_FIELD_COORD(1, polygon_sc->xStart);
ORDER_FIELD_COORD(2, polygon_sc->yStart); ORDER_FIELD_COORD(2, polygon_sc->yStart);
ORDER_FIELD_BYTE(3, polygon_sc->bRop2); ORDER_FIELD_BYTE(3, polygon_sc->bRop2);
ORDER_FIELD_BYTE(4, polygon_sc->fillMode); ORDER_FIELD_BYTE(4, polygon_sc->fillMode);
ORDER_FIELD_COLOR(5, polygon_sc->brushColor); ORDER_FIELD_COLOR(5, polygon_sc->brushColor);
ORDER_FIELD_BYTE(6, polygon_sc->numPoints); ORDER_FIELD_BYTE(6, num);
if (orderInfo->fieldFlags & ORDER_FIELD_07) if (orderInfo->fieldFlags & ORDER_FIELD_07)
{ {
DELTA_POINT *newpoints;
if (Stream_GetRemainingLength(s) < 1) if (Stream_GetRemainingLength(s) < 1)
return FALSE; return FALSE;
Stream_Read_UINT8(s, polygon_sc->cbData); Stream_Read_UINT8(s, polygon_sc->cbData);
if (!polygon_sc->points) newpoints = (DELTA_POINT*) realloc(polygon_sc->points, sizeof(DELTA_POINT) * num);
polygon_sc->points = (DELTA_POINT*) malloc(sizeof(DELTA_POINT) * polygon_sc->numPoints); if (!newpoints)
else return FALSE;
polygon_sc->points = (DELTA_POINT*) realloc(polygon_sc->points, sizeof(DELTA_POINT) * polygon_sc->numPoints);
polygon_sc->points = newpoints;
polygon_sc->numPoints = num;
return update_read_delta_points(s, polygon_sc->points, polygon_sc->numPoints, polygon_sc->xStart, polygon_sc->yStart); return update_read_delta_points(s, polygon_sc->points, polygon_sc->numPoints, polygon_sc->xStart, polygon_sc->yStart);
} }
@ -1738,6 +1757,8 @@ BOOL update_write_polygon_sc_order(wStream* s, ORDER_INFO* orderInfo, POLYGON_SC
BOOL update_read_polygon_cb_order(wStream* s, ORDER_INFO* orderInfo, POLYGON_CB_ORDER* polygon_cb) BOOL update_read_polygon_cb_order(wStream* s, ORDER_INFO* orderInfo, POLYGON_CB_ORDER* polygon_cb)
{ {
UINT32 num;
ORDER_FIELD_COORD(1, polygon_cb->xStart); ORDER_FIELD_COORD(1, polygon_cb->xStart);
ORDER_FIELD_COORD(2, polygon_cb->yStart); ORDER_FIELD_COORD(2, polygon_cb->yStart);
ORDER_FIELD_BYTE(3, polygon_cb->bRop2); ORDER_FIELD_BYTE(3, polygon_cb->bRop2);
@ -1748,20 +1769,23 @@ BOOL update_read_polygon_cb_order(wStream* s, ORDER_INFO* orderInfo, POLYGON_CB_
if (!update_read_brush(s, &polygon_cb->brush, orderInfo->fieldFlags >> 6)) if (!update_read_brush(s, &polygon_cb->brush, orderInfo->fieldFlags >> 6))
return FALSE; return FALSE;
ORDER_FIELD_BYTE(12, polygon_cb->numPoints); ORDER_FIELD_BYTE(12, num);
if (orderInfo->fieldFlags & ORDER_FIELD_13) if (orderInfo->fieldFlags & ORDER_FIELD_13)
{ {
DELTA_POINT *newpoints;
if (Stream_GetRemainingLength(s) < 1) if (Stream_GetRemainingLength(s) < 1)
return FALSE; return FALSE;
Stream_Read_UINT8(s, polygon_cb->cbData); Stream_Read_UINT8(s, polygon_cb->cbData);
if (!polygon_cb->points) newpoints = (DELTA_POINT*) realloc(polygon_cb->points, sizeof(DELTA_POINT) * num);
polygon_cb->points = (DELTA_POINT*) malloc(sizeof(DELTA_POINT) * polygon_cb->numPoints); if (!newpoints)
else return FALSE;
polygon_cb->points = (DELTA_POINT*) realloc(polygon_cb->points, sizeof(DELTA_POINT) * polygon_cb->numPoints);
polygon_cb->points = newpoints;
polygon_cb->numPoints = num;
if (!update_read_delta_points(s, polygon_cb->points, polygon_cb->numPoints, polygon_cb->xStart, polygon_cb->yStart)) if (!update_read_delta_points(s, polygon_cb->points, polygon_cb->numPoints, polygon_cb->xStart, polygon_cb->yStart))
return FALSE; return FALSE;
} }
@ -2065,6 +2089,8 @@ BOOL update_read_cache_bitmap_v3_order(wStream* s, CACHE_BITMAP_V3_ORDER* cache_
{ {
BYTE bitsPerPixelId; BYTE bitsPerPixelId;
BITMAP_DATA_EX* bitmapData; BITMAP_DATA_EX* bitmapData;
UINT32 new_len;
BYTE *new_data;
cache_bitmap_v3->cacheId = flags & 0x00000003; cache_bitmap_v3->cacheId = flags & 0x00000003;
cache_bitmap_v3->flags = (flags & 0x0000FF80) >> 7; cache_bitmap_v3->flags = (flags & 0x0000FF80) >> 7;
@ -2092,16 +2118,16 @@ BOOL update_read_cache_bitmap_v3_order(wStream* s, CACHE_BITMAP_V3_ORDER* cache_
Stream_Read_UINT8(s, bitmapData->codecID); /* codecID (1 byte) */ Stream_Read_UINT8(s, bitmapData->codecID); /* codecID (1 byte) */
Stream_Read_UINT16(s, bitmapData->width); /* width (2 bytes) */ Stream_Read_UINT16(s, bitmapData->width); /* width (2 bytes) */
Stream_Read_UINT16(s, bitmapData->height); /* height (2 bytes) */ Stream_Read_UINT16(s, bitmapData->height); /* height (2 bytes) */
Stream_Read_UINT32(s, bitmapData->length); /* length (4 bytes) */ Stream_Read_UINT32(s, new_len); /* length (4 bytes) */
if (Stream_GetRemainingLength(s) < bitmapData->length) if (Stream_GetRemainingLength(s) < new_len)
return FALSE; return FALSE;
if (bitmapData->data == NULL) new_data = (BYTE*) realloc(bitmapData->data, new_len);
bitmapData->data = (BYTE*) malloc(bitmapData->length); if (!new_data)
else return FALSE;
bitmapData->data = (BYTE*) realloc(bitmapData->data, bitmapData->length); bitmapData->data = new_data;
bitmapData->length = new_len;
Stream_Read(s, bitmapData->data, bitmapData->length); Stream_Read(s, bitmapData->data, bitmapData->length);
return TRUE; return TRUE;
@ -2596,8 +2622,14 @@ BOOL update_read_create_offscreen_bitmap_order(wStream* s, CREATE_OFFSCREEN_BITM
if (deleteList->cIndices > deleteList->sIndices) if (deleteList->cIndices > deleteList->sIndices)
{ {
UINT16 *new_indices;
new_indices = (UINT16 *)realloc(deleteList->indices, deleteList->cIndices);
if (!new_indices)
return FALSE;
deleteList->sIndices = deleteList->cIndices; deleteList->sIndices = deleteList->cIndices;
deleteList->indices = realloc(deleteList->indices, deleteList->sIndices * 2); deleteList->indices = new_indices;
} }
if (Stream_GetRemainingLength(s) < 2 * deleteList->cIndices) if (Stream_GetRemainingLength(s) < 2 * deleteList->cIndices)

View File

@ -172,11 +172,16 @@ BOOL update_read_bitmap_update(rdpUpdate* update, wStream* s, BITMAP_UPDATE* bit
if (bitmapUpdate->number > bitmapUpdate->count) if (bitmapUpdate->number > bitmapUpdate->count)
{ {
UINT16 count; UINT16 count;
BITMAP_DATA *newdata;
count = bitmapUpdate->number * 2; count = bitmapUpdate->number * 2;
bitmapUpdate->rectangles = (BITMAP_DATA*) realloc(bitmapUpdate->rectangles, newdata = (BITMAP_DATA*) realloc(bitmapUpdate->rectangles,
sizeof(BITMAP_DATA) * count); sizeof(BITMAP_DATA) * count);
if (!newdata)
return FALSE;
bitmapUpdate->rectangles = newdata;
ZeroMemory(&bitmapUpdate->rectangles[bitmapUpdate->count], ZeroMemory(&bitmapUpdate->rectangles[bitmapUpdate->count],
sizeof(BITMAP_DATA) * (count - bitmapUpdate->count)); sizeof(BITMAP_DATA) * (count - bitmapUpdate->count));

View File

@ -32,19 +32,23 @@
static BOOL rail_read_unicode_string(wStream* s, RAIL_UNICODE_STRING* unicode_string) static BOOL rail_read_unicode_string(wStream* s, RAIL_UNICODE_STRING* unicode_string)
{ {
UINT16 new_len;
BYTE *new_str;
if (Stream_GetRemainingLength(s) < 2) if (Stream_GetRemainingLength(s) < 2)
return FALSE; return FALSE;
Stream_Read_UINT16(s, unicode_string->length); /* cbString (2 bytes) */ Stream_Read_UINT16(s, new_len); /* cbString (2 bytes) */
if (Stream_GetRemainingLength(s) < unicode_string->length) if (Stream_GetRemainingLength(s) < new_len)
return FALSE; return FALSE;
if (!unicode_string->string) new_str = (BYTE*) realloc(unicode_string->string, new_len);
unicode_string->string = (BYTE*) malloc(unicode_string->length); if (!new_str)
else return FALSE;
unicode_string->string = (BYTE*) realloc(unicode_string->string, unicode_string->length);
unicode_string->string = new_str;
unicode_string->length = new_len;
Stream_Read(s, unicode_string->string, unicode_string->length); Stream_Read(s, unicode_string->string, unicode_string->length);
return TRUE; return TRUE;
@ -108,7 +112,12 @@ BOOL update_read_icon_info(wStream* s, ICON_INFO* iconInfo)
} }
else if (iconInfo->cbColorTable) else if (iconInfo->cbColorTable)
{ {
iconInfo->colorTable = (BYTE*) realloc(iconInfo->colorTable, iconInfo->cbColorTable); BYTE *new_tab;
new_tab = (BYTE*) realloc(iconInfo->colorTable, iconInfo->cbColorTable);
if (!new_tab)
return FALSE;
iconInfo->colorTable = new_tab;
} }
else else
{ {
@ -476,6 +485,8 @@ BOOL update_read_desktop_actively_monitored_order(wStream* s, WINDOW_ORDER_INFO*
if (orderInfo->fieldFlags & WINDOW_ORDER_FIELD_DESKTOP_ZORDER) if (orderInfo->fieldFlags & WINDOW_ORDER_FIELD_DESKTOP_ZORDER)
{ {
UINT32 *newid;
if (Stream_GetRemainingLength(s) < 1) if (Stream_GetRemainingLength(s) < 1)
return FALSE; return FALSE;
@ -486,10 +497,9 @@ BOOL update_read_desktop_actively_monitored_order(wStream* s, WINDOW_ORDER_INFO*
size = sizeof(UINT32) * monitored_desktop->numWindowIds; size = sizeof(UINT32) * monitored_desktop->numWindowIds;
if (monitored_desktop->windowIds == NULL) newid = (UINT32*) realloc(monitored_desktop->windowIds, size);
monitored_desktop->windowIds = (UINT32*) malloc(size); if (!newid)
else return FALSE;
monitored_desktop->windowIds = (UINT32*) realloc(monitored_desktop->windowIds, size);
/* windowIds */ /* windowIds */
for (i = 0; i < (int) monitored_desktop->numWindowIds; i++) for (i = 0; i < (int) monitored_desktop->numWindowIds; i++)