From a3b531c036f49e76406a9cc700fa47a058bed7c6 Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Thu, 29 Aug 2013 15:30:22 +0200 Subject: [PATCH] Fixed issues found with clang-analyzer --- channels/rdpsnd/client/rdpsnd_main.c | 3 ++ .../smartcard/client/smartcard_operations.c | 3 ++ channels/urbdrc/client/data_transfer.c | 2 + .../urbdrc/client/libusb/libusb_udevice.c | 6 +++ client/X11/xf_window.c | 1 + client/common/compatibility.c | 9 ++++ libfreerdp/codec/rfx.c | 49 ++++++++++++++----- libfreerdp/core/gateway/http.c | 6 +++ libfreerdp/core/gateway/tsg.c | 16 ++++-- libfreerdp/core/listener.c | 5 +- libfreerdp/crypto/er.c | 13 +++-- winpr/libwinpr/crt/string.c | 9 ++-- winpr/libwinpr/file/file.c | 4 ++ winpr/libwinpr/file/pattern.c | 2 +- winpr/libwinpr/path/shell.c | 2 + winpr/libwinpr/registry/registry_reg.c | 3 ++ winpr/libwinpr/rpc/ndr_correlation.c | 3 ++ winpr/libwinpr/sspi/NTLM/ntlm_message.c | 1 + winpr/libwinpr/synch/semaphore.c | 2 + winpr/libwinpr/synch/timer.c | 8 ++- winpr/libwinpr/utils/collections/Reference.c | 3 ++ 21 files changed, 124 insertions(+), 26 deletions(-) diff --git a/channels/rdpsnd/client/rdpsnd_main.c b/channels/rdpsnd/client/rdpsnd_main.c index 35ba973d7..f8d612276 100644 --- a/channels/rdpsnd/client/rdpsnd_main.c +++ b/channels/rdpsnd/client/rdpsnd_main.c @@ -417,7 +417,10 @@ static void rdpsnd_recv_wave_pdu(rdpsndPlugin* rdpsnd, wStream* s) wave->wAudioLength = rdpsnd_compute_audio_time_length(format, size); if (!rdpsnd->device) + { + free(wave); return; + } if (rdpsnd->device->WaveDecode) { diff --git a/channels/smartcard/client/smartcard_operations.c b/channels/smartcard/client/smartcard_operations.c index d75b1d3d9..e36b6d8a4 100644 --- a/channels/smartcard/client/smartcard_operations.c +++ b/channels/smartcard/client/smartcard_operations.c 
@@ -1032,7 +1032,10 @@ static UINT32 handle_Control(IRP* irp) sendBuffer = malloc(outBufferSize); if (!sendBuffer) + { + free(recvBuffer); return smartcard_output_return(irp, SCARD_E_NO_MEMORY); + } status = SCardControl(hCard, (DWORD) controlCode, recvBuffer, (DWORD) recvLength, sendBuffer, (DWORD) outBufferSize, &nBytesReturned); diff --git a/channels/urbdrc/client/data_transfer.c b/channels/urbdrc/client/data_transfer.c index 99d714513..f0aa961d1 100644 --- a/channels/urbdrc/client/data_transfer.c +++ b/channels/urbdrc/client/data_transfer.c @@ -279,6 +279,7 @@ static int urbdrc_process_io_control(URBDRC_CHANNEL_CALLBACK* callback, BYTE* da default: LLOGLN(urbdrc_debug, ("urbdrc_process_io_control: unknown IoControlCode 0x%X", IoControlCode)); + zfree(OutputBuffer); return -1; break; } @@ -1718,6 +1719,7 @@ static int urb_control_feature_request(URBDRC_CHANNEL_CALLBACK * callback, BYTE break; default: fprintf(stderr, "urb_control_feature_request: Error Command %x\n", command); + zfree(out_data); return -1; } diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c index a2f417527..82775fffb 100644 --- a/channels/urbdrc/client/libusb/libusb_udevice.c +++ b/channels/urbdrc/client/libusb/libusb_udevice.c @@ -485,6 +485,7 @@ static LIBUSB_DEVICE_DESCRIPTOR* udev_new_descript(LIBUSB_DEVICE* libusb_dev) if (ret < 0) { fprintf(stderr, "libusb_get_device_descriptor: ERROR!!\n"); + free(descriptor); return NULL; } @@ -1543,6 +1544,9 @@ static int func_cancel_xact_request(TRANSFER_REQUEST *request) { int status; + if (!request) + return -1; + if ((!request->transfer) || (request->endpoint != request->transfer->endpoint) || (request->transfer->endpoint == 0) || (request->submit != 1)) { 
@@ -1583,6 +1587,8 @@ cancel_retry: while (request_queue->has_next(request_queue)) { request = request_queue->get_next(request_queue); + if (!request) + continue; LLOGLN(libusb_debug, ("%s: CancelId:0x%x RequestId:0x%x endpoint 0x%x!!", __func__, RequestId, request->RequestId, request->endpoint)); diff --git a/client/X11/xf_window.c b/client/X11/xf_window.c index e12cdc344..b428048a5 100644 --- a/client/X11/xf_window.c +++ b/client/X11/xf_window.c @@ -832,6 +832,7 @@ void xf_SetWindowIcon(xfContext* xfc, xfWindow* window, rdpIcon* icon) PropModeReplace, (BYTE*) propdata, propsize); XFlush(xfc->display); + free(propdata); } void xf_SetWindowRects(xfContext* xfc, xfWindow* window, RECTANGLE_16* rects, int nrects) diff --git a/client/common/compatibility.c b/client/common/compatibility.c index 57f2ac322..048afa599 100644 --- a/client/common/compatibility.c +++ b/client/common/compatibility.c @@ -125,6 +125,9 @@ int freerdp_client_old_process_plugin(rdpSettings* settings, ADDIN_ARGV* args) } else if (strcmp(args->argv[0], "rdpdr") == 0) { + if (args->argc < 2) + return -1; + if ((strcmp(args->argv[1], "disk") == 0) || (strcmp(args->argv[1], "drive") == 0)) { @@ -156,11 +159,17 @@ int freerdp_client_old_process_plugin(rdpSettings* settings, ADDIN_ARGV* args) } else if (strcmp(args->argv[0], "rdpsnd") == 0) { + if (args->argc < 2) + return -1; + freerdp_addin_replace_argument_value(args, args->argv[1], "sys", args->argv[1]); freerdp_client_add_static_channel(settings, args->argc, args->argv); } else if (strcmp(args->argv[0], "rail") == 0) { + if (args->argc < 2) + return -1; + settings->RemoteApplicationProgram = _strdup(args->argv[1]); } else diff --git a/libfreerdp/codec/rfx.c b/libfreerdp/codec/rfx.c index af8737aad..00e6adea6 100644 --- a/libfreerdp/codec/rfx.c +++ b/libfreerdp/codec/rfx.c 
@@ -583,7 +583,7 @@ void CALLBACK rfx_process_message_tile_work_callback(PTP_CALLBACK_INSTANCE insta static BOOL rfx_process_message_tileset(RFX_CONTEXT* context, RFX_MESSAGE* message, wStream* s) { - int i; + int i, close_cnt; int pos; BYTE quant; RFX_TILE* tile; @@ -692,9 +692,12 @@ static BOOL rfx_process_message_tileset(RFX_CONTEXT* context, RFX_MESSAGE* messa free(work_objects); return FALSE; } + ZeroMemory(work_objects, sizeof(PTP_WORK) * message->numTiles); + ZeroMemory(params, sizeof(RFX_TILE_PROCESS_WORK_PARAM) * message->numTiles); } /* tiles */ + close_cnt = 0; for (i = 0; i < message->numTiles; i++) { tile = message->tiles[i] = (RFX_TILE*) ObjectPool_Take(context->priv->TilePool); @@ -760,6 +763,7 @@ static BOOL rfx_process_message_tileset(RFX_CONTEXT* context, RFX_MESSAGE* messa (void*) ¶ms[i], &context->priv->ThreadPoolEnv); SubmitThreadpoolWork(work_objects[i]); + close_cnt = i + 1; } else { @@ -771,16 +775,18 @@ static BOOL rfx_process_message_tileset(RFX_CONTEXT* context, RFX_MESSAGE* messa if (context->priv->UseThreads) { - for (i = 0; i < message->numTiles; i++) + for (i = 0; i < close_cnt; i++) { WaitForThreadpoolWorkCallbacks(work_objects[i], FALSE); CloseThreadpoolWork(work_objects[i]); } - - free(work_objects); - free(params); } + if (work_objects) + free(work_objects); + if (params) + free(params); + for (i = 0; i < message->numTiles; i++) { tile = message->tiles[i]; @@ -1063,7 +1069,7 @@ void CALLBACK rfx_compose_message_tile_work_callback(PTP_CALLBACK_INSTANCE insta RFX_MESSAGE* rfx_encode_message(RFX_CONTEXT* context, const RFX_RECT* rects, int numRects, BYTE* data, int width, int height, int scanline) { - int i; + int i, close_cnt; int xIdx; int yIdx; int numTilesX; 
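Review bot: The two added `ZeroMemory` calls in rfx_process_message_tileset reuse the unchecked product `sizeof(...) * message->numTiles` from the allocations above them, so on a target where that multiplication can wrap, both the buffer and the clear would be too small for the per-tile writes that follow. Allocating with `calloc(message->numTiles, sizeof(PTP_WORK))`, and likewise for `params`, zeroes the memory and fails cleanly on an overflowing product, which makes both `ZeroMemory` lines unnecessary. The allocations sit outside this hunk and it is not visible where numTiles is bounded, so confirm it is validated before this point. The same pattern appears in the rfx_encode_message hunk at `@@ -1116`, where the `malloc` calls are visible.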
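Review bot: The `free(work_objects)` and `free(params)` calls in the `@@ -771` hunk now run on the non-threaded path too, which is only safe if both pointers are initialised to NULL where they are declared; those declarations are outside the hunk, so that needs confirming. If either is left uninitialised when `UseThreads` is false, the new `if (work_objects)` test reads an indeterminate pointer and may pass it to `free`. The guards themselves add nothing, since `free(NULL)` is a no-op, so `free(work_objects); free(params);` is enough once the initialisers are in place. The same unguarded-free change is made in rfx_encode_message at `@@ -1187`, where `params = NULL` is visible in the context.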
@@ -1077,6 +1083,9 @@ RFX_MESSAGE* rfx_encode_message(RFX_CONTEXT* context, const RFX_RECT* rects, RFX_TILE_COMPOSE_WORK_PARAM* params = NULL; message = (RFX_MESSAGE*) malloc(sizeof(RFX_MESSAGE)); + if (!message) + return NULL; + ZeroMemory(message, sizeof(RFX_MESSAGE)); if (context->state == RFX_STATE_SEND_HEADERS) @@ -1116,9 +1125,24 @@ RFX_MESSAGE* rfx_encode_message(RFX_CONTEXT* context, const RFX_RECT* rects, if (context->priv->UseThreads) { work_objects = (PTP_WORK*) malloc(sizeof(PTP_WORK) * message->numTiles); - params = (RFX_TILE_COMPOSE_WORK_PARAM*) malloc(sizeof(RFX_TILE_COMPOSE_WORK_PARAM) * message->numTiles); + if (!work_objects) + { + free(message); + return NULL; + } + params = (RFX_TILE_COMPOSE_WORK_PARAM*) + malloc(sizeof(RFX_TILE_COMPOSE_WORK_PARAM) * message->numTiles); + if (!params) + { + free(message); + free(work_objects); + return NULL; + } + ZeroMemory(work_objects, sizeof(PTP_WORK) * message->numTiles); + ZeroMemory(params, sizeof(RFX_TILE_COMPOSE_WORK_PARAM) * message->numTiles); } + close_cnt = 0; for (yIdx = 0; yIdx < numTilesY; yIdx++) { for (xIdx = 0; xIdx < numTilesX; xIdx++) @@ -1164,6 +1188,7 @@ RFX_MESSAGE* rfx_encode_message(RFX_CONTEXT* context, const RFX_RECT* rects, (void*) ¶ms[i], &context->priv->ThreadPoolEnv); SubmitThreadpoolWork(work_objects[i]); + close_cnt = i + 1; } else { @@ -1174,11 +1199,11 @@ RFX_MESSAGE* rfx_encode_message(RFX_CONTEXT* context, const RFX_RECT* rects, message->tilesDataSize = 0; - for (i = 0; i < message->numTiles; i++) + for (i = 0; i < close_cnt; i++) { tile = message->tiles[i]; - if (context->priv->UseThreads) + if (context->priv->UseThreads && work_objects) { WaitForThreadpoolWorkCallbacks(work_objects[i], FALSE); CloseThreadpoolWork(work_objects[i]); 
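Review bot: Bounding the final loop of rfx_encode_message by `close_cnt` (hunk `@@ -1174`) breaks the non-threaded path. `close_cnt` is only assigned inside the `UseThreads` branch (hunk `@@ -1164`), so with threads disabled it stays 0, the loop body never runs and `message->tilesDataSize` is left at 0; any later code that sizes output from that field would under-count. The loop does two jobs, waiting on work items and summing `rfx_tile_length(tile)`, and only the first should be limited to submitted items. Keeping `for (i = 0; i < message->numTiles; i++)` and narrowing the inner test to `if (context->priv->UseThreads && work_objects && (i < close_cnt))` preserves the total. The end of the loop body lies in the next hunk.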
@@ -1187,11 +1212,11 @@ RFX_MESSAGE* rfx_encode_message(RFX_CONTEXT* context, const RFX_RECT* rects, message->tilesDataSize += rfx_tile_length(tile); } - if (context->priv->UseThreads) - { + if (work_objects) free(work_objects); + + if (params) free(params); - } return message; } diff --git a/libfreerdp/core/gateway/http.c b/libfreerdp/core/gateway/http.c index ca1845479..aebaa736f 100644 --- a/libfreerdp/core/gateway/http.c +++ b/libfreerdp/core/gateway/http.c @@ -365,6 +365,12 @@ BOOL http_response_parse_header(HttpResponse* http_response) char end_of_header_char; char c; + if (!http_response) + return FALSE; + + if (!http_response->lines) + return FALSE; + if (!http_response_parse_header_status_line(http_response, http_response->lines[0])) return FALSE; diff --git a/libfreerdp/core/gateway/tsg.c b/libfreerdp/core/gateway/tsg.c index 52aa0030d..3a2008c24 100644 --- a/libfreerdp/core/gateway/tsg.c +++ b/libfreerdp/core/gateway/tsg.c @@ -399,6 +399,7 @@ BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu) { fprintf(stderr, "Unexpected ComponentId: 0x%04X, Expected TS_GATEWAY_TRANSPORT\n", versionCaps->tsgHeader.ComponentId); + free(packet); return FALSE; } @@ -436,6 +437,7 @@ BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu) { fprintf(stderr, "Unexpected PacketId: 0x%08X, Expected TSG_PACKET_TYPE_CAPS_RESPONSE " "or TSG_PACKET_TYPE_QUARENC_RESPONSE\n", packet->packetId); + free(packet); return FALSE; } @@ -565,7 +567,9 @@ BOOL TsProxyAuthorizeTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu) if ((packet->packetId != TSG_PACKET_TYPE_RESPONSE) || (SwitchValue != TSG_PACKET_TYPE_RESPONSE)) { - fprintf(stderr, "Unexpected PacketId: 0x%08X, Expected TSG_PACKET_TYPE_RESPONSE\n", packet->packetId); + fprintf(stderr, "Unexpected PacketId: 0x%08X, Expected TSG_PACKET_TYPE_RESPONSE\n", + packet->packetId); + free(packet); return FALSE; } 
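Review bot: The new guards in http_response_parse_header stop at `http_response->lines` being non-NULL, but the next statement reads `http_response->lines[0]`, which is not guaranteed to exist for a response that produced no header lines. If HttpResponse tracks a line count (the struct is not visible in this hunk), reject a zero count here as well and treat a NULL `lines[0]` as a parse failure. The two pointer checks can also be folded into `if (!http_response || !http_response->lines) return FALSE;`.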
@@ -580,6 +584,8 @@ BOOL TsProxyAuthorizeTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu) { fprintf(stderr, "Unexpected Packet Response Flags: 0x%08X, Expected TSG_PACKET_TYPE_QUARREQUEST\n", packetResponse->flags); + free(packet); + free(packetResponse); return FALSE; } @@ -715,7 +721,9 @@ BOOL TsProxyMakeTunnelCallReadResponse(rdpTsg* tsg, RPC_PDU* pdu) if ((packet->packetId != TSG_PACKET_TYPE_MESSAGE_PACKET) || (SwitchValue != TSG_PACKET_TYPE_MESSAGE_PACKET)) { - fprintf(stderr, "Unexpected PacketId: 0x%08X, Expected TSG_PACKET_TYPE_MESSAGE_PACKET\n", packet->packetId); + fprintf(stderr, "Unexpected PacketId: 0x%08X, Expected TSG_PACKET_TYPE_MESSAGE_PACKET\n", + packet->packetId); + free(packet); return FALSE; } @@ -783,7 +791,9 @@ BOOL TsProxyMakeTunnelCallReadResponse(rdpTsg* tsg, RPC_PDU* pdu) break; default: - fprintf(stderr, "TsProxyMakeTunnelCallReadResponse: unexpected message type: %d\n", SwitchValue); + fprintf(stderr, "TsProxyMakeTunnelCallReadResponse: unexpected message type: %d\n", + SwitchValue); + free(packet); return FALSE; break; } diff --git a/libfreerdp/core/listener.c b/libfreerdp/core/listener.c index b74c4ec43..e275ad404 100644 --- a/libfreerdp/core/listener.c +++ b/libfreerdp/core/listener.c @@ -279,7 +279,7 @@ static BOOL freerdp_listener_check_fds(freerdp_listener* instance) int i; void* sin_addr; int peer_sockfd; - freerdp_peer* client; + freerdp_peer* client = NULL; socklen_t peer_addr_size; struct sockaddr_storage peer_addr; rdpListener* listener = (rdpListener*) instance->listener; @@ -306,7 +306,8 @@ static BOOL freerdp_listener_check_fds(freerdp_listener* instance) continue; #endif perror("accept"); - free(client); + if (client) + free(client); return FALSE; } diff --git a/libfreerdp/crypto/er.c b/libfreerdp/crypto/er.c index 04d0c1ca6..e5a5f72f9 100644 --- a/libfreerdp/crypto/er.c +++ b/libfreerdp/crypto/er.c 
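Review bot: Initialising `client` to NULL in freerdp_listener_check_fds fixes the first pass, but the `free(client)` on an `accept` failure is still suspect on later passes of the loop. If `client` is assigned further down in the loop body (outside this hunk) and handed off to its owner, a failed `accept` on a later listener socket would free a peer object that is still in use elsewhere. No peer has been created for the current iteration at this point, so the safer change is to drop the free and keep just `perror("accept"); return FALSE;`.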
@@ -34,6 +34,13 @@ void er_read_length(wStream* s, int* length) Stream_Read_UINT8(s, byte); + if (!length) + return; + + *length = 0; + if (!s) + return; + if (byte & 0x80) { byte &= ~(0x80); @@ -236,7 +243,7 @@ int er_skip_sequence_tag(int length) BOOL er_read_enumerated(wStream* s, BYTE* enumerated, BYTE count) { - int length; + int length = 0; er_read_universal_tag(s, ER_TAG_ENUMERATED, FALSE); er_read_length(s, &length); @@ -320,7 +327,7 @@ int er_skip_octet_string(int length) BOOL er_read_BOOL(wStream* s, BOOL* value) { - int length; + int length = 0; BYTE v; if (!er_read_universal_tag(s, ER_TAG_BOOLEAN, FALSE)) @@ -348,7 +355,7 @@ void er_write_BOOL(wStream* s, BOOL value) BOOL er_read_integer(wStream* s, UINT32* value) { - int length; + int length = 0; er_read_universal_tag(s, ER_TAG_INTEGER, FALSE); er_read_length(s, &length); diff --git a/winpr/libwinpr/crt/string.c b/winpr/libwinpr/crt/string.c index a98f2fb63..ed7c84a44 100644 --- a/winpr/libwinpr/crt/string.c +++ b/winpr/libwinpr/crt/string.c @@ -159,22 +159,23 @@ LPSTR CharUpperA(LPSTR lpsz) int i; int length; - length = strlen(lpsz); + if (!lpsz) + return NULL; + length = strlen(lpsz); if (length < 1) return (LPSTR) NULL; if (length == 1) { - LPSTR pc = NULL; char c = *lpsz; if ((c >= 'a') && (c <= 'z')) c = c - 32; - *pc = c; + *lpsz = c; - return pc; + return lpsz; } for (i = 0; i < length; i++) diff --git a/winpr/libwinpr/file/file.c b/winpr/libwinpr/file/file.c index 843a09fc0..3df76f3d1 100644 --- a/winpr/libwinpr/file/file.c +++ b/winpr/libwinpr/file/file.c @@ -205,7 +205,11 @@ HANDLE CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, status = connect(pNamedPipe->clientfd, (struct sockaddr*) &s, sizeof(struct sockaddr_un)); if (status != 0) + { + close(pNamedPipe->clientfd); + free(pNamedPipe); return INVALID_HANDLE_VALUE; + } return hNamedPipe; } diff --git a/winpr/libwinpr/file/pattern.c b/winpr/libwinpr/file/pattern.c index 4a79cd3ce..ff319a1c9 100644 
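Review bot: The added `if (!s)` guard in er_read_length comes after `Stream_Read_UINT8(s, byte);`, so a NULL stream has already been used by the time it is tested. Move both guards above the read, with `*length = 0;` set before the first access to `s`. The function also returns void, so callers such as er_read_enumerated and er_read_integer cannot tell a short or malformed length from a real zero; initialising `length = 0` in them quiets the analyzer rather than reporting the error. Changing the return type is a wider change than this hunk, and the rest of the body is outside it.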
--- a/winpr/libwinpr/file/pattern.c +++ b/winpr/libwinpr/file/pattern.c @@ -314,7 +314,7 @@ BOOL FilePatternMatchA(LPCSTR lpFileName, LPCSTR lpPattern) LPSTR lpY; size_t cchX; size_t cchY; - LPSTR lpMatchEnd; + LPSTR lpMatchEnd = NULL; LPSTR lpSubPattern; size_t cchSubPattern; LPSTR lpSubFileName; diff --git a/winpr/libwinpr/path/shell.c b/winpr/libwinpr/path/shell.c index 1bf44f340..ff1b2cf70 100644 --- a/winpr/libwinpr/path/shell.c +++ b/winpr/libwinpr/path/shell.c @@ -287,6 +287,8 @@ char* GetCombinedPath(char* basePath, char* subPath) length = basePathLength + subPathLength + 1; path = (char*) malloc(length + 1); + if (!path) + return NULL; CopyMemory(path, basePath, basePathLength); path[basePathLength] = '\0'; diff --git a/winpr/libwinpr/registry/registry_reg.c b/winpr/libwinpr/registry/registry_reg.c index 93cd26031..e986346b1 100644 --- a/winpr/libwinpr/registry/registry_reg.c +++ b/winpr/libwinpr/registry/registry_reg.c @@ -183,6 +183,9 @@ RegVal* reg_load_value(Reg* reg, RegKey* key) BOOL reg_load_has_next_line(Reg* reg) { + if (!reg) + return FALSE; + return (reg->next_line != NULL) ? 1 : 0; } diff --git a/winpr/libwinpr/rpc/ndr_correlation.c b/winpr/libwinpr/rpc/ndr_correlation.c index e12ee35d8..523cf6f1c 100644 --- a/winpr/libwinpr/rpc/ndr_correlation.c +++ b/winpr/libwinpr/rpc/ndr_correlation.c @@ -112,6 +112,9 @@ PFORMAT_STRING NdrpComputeCount(PMIDL_STUB_MESSAGE pStubMsg, unsigned char* pMem break; } + if (!ptr) + return pFormat; + switch (type) { case FC_LONG: diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_message.c b/winpr/libwinpr/sspi/NTLM/ntlm_message.c index 487a4d5fc..e1b733a0b 100644 --- a/winpr/libwinpr/sspi/NTLM/ntlm_message.c +++ b/winpr/libwinpr/sspi/NTLM/ntlm_message.c 
@@ -650,6 +650,7 @@ SECURITY_STATUS ntlm_read_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer message = &context->AUTHENTICATE_MESSAGE; ZeroMemory(message, sizeof(NTLM_AUTHENTICATE_MESSAGE)); + ZeroMemory(&response, sizeof(NTLMv2_RESPONSE)); s = Stream_New(buffer->pvBuffer, buffer->cbBuffer); diff --git a/winpr/libwinpr/synch/semaphore.c b/winpr/libwinpr/synch/semaphore.c index 9e33d8a8a..9cff8b6e0 100644 --- a/winpr/libwinpr/synch/semaphore.c +++ b/winpr/libwinpr/synch/semaphore.c @@ -53,6 +53,7 @@ HANDLE CreateSemaphoreW(LPSECURITY_ATTRIBUTES lpSemaphoreAttributes, LONG lIniti if (pipe(semaphore->pipe_fd) < 0) { fprintf(stderr, "CreateSemaphoreW: failed to create semaphore\n"); + free(semaphore); return NULL; } @@ -62,6 +63,7 @@ HANDLE CreateSemaphoreW(LPSECURITY_ATTRIBUTES lpSemaphoreAttributes, LONG lIniti { close(semaphore->pipe_fd[0]); close(semaphore->pipe_fd[1]); + free(semaphore); return FALSE; } diff --git a/winpr/libwinpr/synch/timer.c b/winpr/libwinpr/synch/timer.c index bc32ffcdb..32b38a042 100644 --- a/winpr/libwinpr/synch/timer.c +++ b/winpr/libwinpr/synch/timer.c @@ -53,14 +53,20 @@ HANDLE CreateWaitableTimerA(LPSECURITY_ATTRIBUTES lpTimerAttributes, BOOL bManua #ifdef HAVE_TIMERFD_H timer->fd = timerfd_create(CLOCK_MONOTONIC, 0); - if (timer->fd <= 0) + { + free(timer); return NULL; + } status = fcntl(timer->fd, F_SETFL, O_NONBLOCK); if (status) + { + close(timer->fd); + free(timer); return NULL; + } #endif } diff --git a/winpr/libwinpr/utils/collections/Reference.c b/winpr/libwinpr/utils/collections/Reference.c index 171123661..ab62c366e 100644 --- a/winpr/libwinpr/utils/collections/Reference.c +++ b/winpr/libwinpr/utils/collections/Reference.c @@ -70,6 +70,9 @@ wReference* ReferenceTable_GetFreeEntry(wReferenceTable* referenceTable) if (!found) { + if (!referenceTable->size) + return NULL; + referenceTable->size *= 2; referenceTable->array = (wReference*) realloc(referenceTable->array, sizeof(wReference) * referenceTable->size);
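Review bot: The second failure path in CreateSemaphoreW (hunk `@@ -62,6`) still ends in `return FALSE;` although the function returns a HANDLE and the first failure path returns NULL. Both evaluate to zero, but `return NULL;` states the intent and keeps the two paths consistent now that they both free `semaphore`.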
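Review bot: The failure test `timer->fd <= 0` in CreateWaitableTimerA treats descriptor 0 as an error, and with the added `free(timer)` that case now releases the timer while leaving the descriptor open. `timerfd_create` reports failure with -1, so `if (timer->fd < 0)` is the accurate check. The `fcntl` failure path below it does close the descriptor before freeing.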
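Review bot: The growth path in ReferenceTable_GetFreeEntry doubles `referenceTable->size` and then assigns the `realloc` result straight to `referenceTable->array`, so an allocation failure loses the old block and leaves a NULL array paired with the larger size. The new zero-size check does not cover that case, nor a `size *= 2` that wraps. Reallocate into a temporary and commit the pointer and the size only on success, as sketched below. Whatever initialises the new half of the array follows outside this hunk and is unchanged.

```c
		if (!referenceTable->size)
			return NULL;

		wReference* grown = (wReference*) realloc(referenceTable->array,
				sizeof(wReference) * referenceTable->size * 2);

		if (!grown)
			return NULL; /* old array and size are still valid */

		referenceTable->array = grown;
		referenceTable->size *= 2;
		/* … unchanged: rest of the !found branch … */
```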