git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: 8245714c8a
Branches Tags
file
/
debian
/
patches
/
cherry-pick.FILE5_30-49-gbf90083a.fix-memory-handling.patch

cherry-pick.FILE5_30-49-gbf90083a.fix-memory-handling.patch 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146 
  1. Subject: [ Fix memory handling ]
    2. 

  2. Origin: FILE5_30-49-gbf90083a
    3. 

  3. Upstream-Author: Christos Zoulas <christos@zoulas.com>
    4. 

  4. Date: Mon Apr 24 18:57:35 2017 +0000
    5. 

  5. 

  6.     - centralize allocation so we can easily find out where things are done
    7. 

  7.     - limit property list memory limit further for oss-fuzz.
    8. 

  8. 

  9. --- a/src/cdf.c
    10. 

  10. +++ b/src/cdf.c
    11. 

  11. @@ -80,6 +80,28 @@
    12. 

  12.  			    CDF_TOLE8(CAST(uint64_t, x))))
    13. 

  13.  #define CDF_GETUINT32(x, y)	cdf_getuint32(x, y)
    14. 

  14.  
    15. 

  15. +#define CDF_MALLOC(n) cdf_malloc(__FILE__, __LINE__, (n))
    16. 

  16. +#define CDF_REALLOC(p, n) cdf_realloc(__FILE__, __LINE__, (p), (n))
    17. 

  17. +#define CDF_CALLOC(n, u) cdf_calloc(__FILE__, __LINE__, (n), (u))
    18. 

  18. +
    19. 

  19. +
    20. 

  20. +static void *
    21. 

  21. +cdf_malloc(const char *file, size_t line, size_t n) {
    22. 

  22. +	DPRINTF(("%s,%zu: %s %zu\n", file, line, __func__, n));
    23. 

  23. +	return malloc(n);
    24. 

  24. +}
    25. 

  25. +
    26. 

  26. +static void *
    27. 

  27. +cdf_realloc(const char *file, size_t line, void *p, size_t n) {
    28. 

  28. +	DPRINTF(("%s,%zu: %s %zu\n", file, line, __func__, n));
    29. 

  29. +	return realloc(p, n);
    30. 

  30. +}
    31. 

  31. +
    32. 

  32. +static void *
    33. 

  33. +cdf_calloc(const char *file, size_t line, size_t n, size_t u) {
    34. 

  34. +	DPRINTF(("%s,%zu: %s %zu %zu\n", file, line, __func__, n, u));
    35. 

  35. +	return calloc(n, u);
    36. 

  36. +}
    37. 

  37.  
    38. 

  38.  /*
    39. 

  39.   * swap a short
    40. 

  40. @@ -421,7 +443,7 @@
    41. 

  41.  	sat->sat_len = h->h_num_sectors_in_master_sat * nsatpersec + i;
    42. 

  42.  	DPRINTF(("sat_len = %" SIZE_T_FORMAT "u ss = %" SIZE_T_FORMAT "u\n",
    43. 

  43.  	    sat->sat_len, ss));
    44. 

  44. -	if ((sat->sat_tab = CAST(cdf_secid_t *, calloc(sat->sat_len, ss)))
    45. 

  45. +	if ((sat->sat_tab = CAST(cdf_secid_t *, CDF_CALLOC(sat->sat_len, ss)))
    46. 

  46.  	    == NULL)
    47. 

  47.  		return -1;
    48. 

  48.  
    49. 

  49. @@ -435,7 +457,7 @@
    50. 

  50.  		}
    51. 

  51.  	}
    52. 

  52.  
    53. 

  53. -	if ((msa = CAST(cdf_secid_t *, calloc(1, ss))) == NULL)
    54. 

  54. +	if ((msa = CAST(cdf_secid_t *, CDF_CALLOC(1, ss))) == NULL)
    55. 

  55.  		goto out1;
    56. 

  56.  
    57. 

  57.  	mid = h->h_secid_first_sector_in_master_sat;
    58. 

  58. @@ -536,7 +558,7 @@
    59. 

  59.  	if (scn->sst_len == (size_t)-1)
    60. 

  60.  		goto out;
    61. 

  61.  
    62. 

  62. -	scn->sst_tab = calloc(scn->sst_len, ss);
    63. 

  63. +	scn->sst_tab = CDF_CALLOC(scn->sst_len, ss);
    64. 

  64.  	if (scn->sst_tab == NULL)
    65. 

  65.  		return cdf_zero_stream(scn);
    66. 

  66.  
    67. 

  67. @@ -582,7 +604,7 @@
    68. 

  68.  	if (scn->sst_len == (size_t)-1)
    69. 

  69.  		goto out;
    70. 

  70.  
    71. 

  71. -	scn->sst_tab = calloc(scn->sst_len, ss);
    72. 

  72. +	scn->sst_tab = CDF_CALLOC(scn->sst_len, ss);
    73. 

  73.  	if (scn->sst_tab == NULL)
    74. 

  74.  		return cdf_zero_stream(scn);
    75. 

  75.  
    76. 

  76. @@ -640,11 +662,11 @@
    77. 

  77.  
    78. 

  78.  	dir->dir_len = ns * nd;
    79. 

  79.  	dir->dir_tab = CAST(cdf_directory_t *,
    80. 

  80. -	    calloc(dir->dir_len, sizeof(dir->dir_tab[0])));
    81. 

  81. +	    CDF_CALLOC(dir->dir_len, sizeof(dir->dir_tab[0])));
    82. 

  82.  	if (dir->dir_tab == NULL)
    83. 

  83.  		return -1;
    84. 

  84.  
    85. 

  85. -	if ((buf = CAST(char *, malloc(ss))) == NULL) {
    86. 

  86. +	if ((buf = CAST(char *, CDF_MALLOC(ss))) == NULL) {
    87. 

  87.  		free(dir->dir_tab);
    88. 

  88.  		return -1;
    89. 

  89.  	}
    90. 

  90. @@ -690,7 +712,7 @@
    91. 

  91.  	if (ssat->sat_len == (size_t)-1)
    92. 

  92.  		goto out;
    93. 

  93.  
    94. 

  94. -	ssat->sat_tab = CAST(cdf_secid_t *, calloc(ssat->sat_len, ss));
    95. 

  95. +	ssat->sat_tab = CAST(cdf_secid_t *, CDF_CALLOC(ssat->sat_len, ss));
    96. 

  96.  	if (ssat->sat_tab == NULL)
    97. 

  97.  		goto out1;
    98. 

  98.  
    99. 

  99. @@ -819,7 +841,7 @@
    100. 

  100.  }
    101. 

  101.  
    102. 

  102.  #define CDF_SHLEN_LIMIT (UINT32_MAX / 8)
    103. 

  103. -#define CDF_PROP_LIMIT (UINT32_MAX / (4 * sizeof(cdf_property_info_t)))
    104. 

  104. +#define CDF_PROP_LIMIT (UINT32_MAX / (8 * sizeof(cdf_property_info_t)))
    105. 

  105.  
    106. 

  106.  static const void *
    107. 

  107.  cdf_offset(const void *p, size_t l)
    108. 

  108. @@ -864,11 +886,13 @@
    109. 

  109.  	cdf_property_info_t *inp;
    110. 

  110.  	size_t newcount = *maxcount + incr;
    111. 

  111.  
    112. 

  112. -	if (newcount > CDF_PROP_LIMIT)
    113. 

  113. +	if (newcount > CDF_PROP_LIMIT) {
    114. 

  114. +		DPRINTF(("exceeded property limit %zu > %zu\n", 
    115. 

  115. +		    newcount, CDF_PROP_LIMIT));
    116. 

  116.  		goto out;
    117. 

  117. -	
    118. 

  118. +	}
    119. 

  119.  	inp = CAST(cdf_property_info_t *,
    120. 

  120. -	    realloc(*info, newcount * sizeof(*inp)));
    121. 

  121. +	    CDF_REALLOC(*info, newcount * sizeof(*inp)));
    122. 

  122.  	if (inp == NULL)
    123. 

  123.  		goto out;
    124. 

  124.  
    125. 

  125. @@ -938,10 +962,10 @@
    126. 

  126.  		goto out;
    127. 

  127.  
    128. 

  128.  	sh.sh_properties = CDF_TOLE4(shp->sh_properties);
    129. 

  129. -	if (sh.sh_properties > CDF_PROP_LIMIT)
    130. 

  130. -		goto out;
    131. 

  131.  	DPRINTF(("section len: %u properties %u\n", sh.sh_len,
    132. 

  132.  	    sh.sh_properties));
    133. 

  133. +	if (sh.sh_properties > CDF_PROP_LIMIT)
    134. 

  134. +		goto out;
    135. 

  135.  	inp = cdf_grow_info(info, maxcount, sh.sh_properties);
    136. 

  136.  	if (inp == NULL)
    137. 

  137.  		goto out;
    138. 

  138. @@ -1126,7 +1150,7 @@
    139. 

  139.  		return -1;
    140. 

  140.  	nr--;
    141. 

  141.  	*cat = CAST(cdf_catalog_t *,
    142. 

  142. -	    malloc(sizeof(cdf_catalog_t) + nr * sizeof(*ce)));
    143. 

  143. +	    CDF_MALLOC(sizeof(cdf_catalog_t) + nr * sizeof(*ce)));
    144. 

  144.  	if (*cat == NULL)
    145. 

  145.  		return -1;
    146. 

  146.  	ce = (*cat)->cat_e;
    147.