Corrected memory management flaws found by Joris Dobbelsteen

libburn/trunk/cdrskin/cdrskin_timestamp.h

@@ -1 +1 @@
-#define Cdrskin_timestamP "2007.08.22.173459"
+#define Cdrskin_timestamP "2007.08.25.085709"

libburn/trunk/libburn/file.c

@@ -100,7 +100,7 @@ struct burn_source *burn_file_source_new(const char *path, const char *subpath)
 	fd1 = open(path, O_RDONLY);
 	if (fd1 == -1)
 		return NULL;
-	if (subpath) {
+	if (subpath != NULL) {
 		fd2 = open(subpath, O_RDONLY);
 		if (fd2 == -1) {
 			close(fd1);
@@ -108,6 +108,16 @@ struct burn_source *burn_file_source_new(const char *path, const char *subpath)
 		}
 	}
 	fs = malloc(sizeof(struct burn_source_file));
+
+	/* ts A70825 */
+	if (fs == NULL) {
+failure:;
+		close(fd1);
+		if (subpath != NULL)
+			close(fd2);
+		return NULL;
+	}
+
 	fs->datafd = fd1;
 
 	if (subpath)
@@ -117,6 +127,13 @@ struct burn_source *burn_file_source_new(const char *path, const char *subpath)
 	fs->fixed_size = 0;
 
 	src = burn_source_new();
+
+	/* ts A70825 */
+	if (src == NULL) {
+		free((char *) fs);
+		goto failure;
+	}
+
 	src->read = file_read;
 	if (subpath)
 		src->read_sub = file_read_sub;
@@ -139,11 +156,20 @@ struct burn_source *burn_fd_source_new(int datafd, int subfd, off_t size)
 	if (datafd == -1)
 		return NULL;
 	fs = malloc(sizeof(struct burn_source_file));
+	if (fs == NULL) /* ts A70825 */
+		return NULL;
 	fs->datafd = datafd;
 	fs->subfd = subfd;
 	fs->fixed_size = size;
 
 	src = burn_source_new();
+
+	/* ts A70825 */
+	if (src == NULL) {
+		free((char *) fs);
+		return NULL;
+	}
+
 	src->read = file_read;
 	if(subfd != -1)
 		src->read = file_read_sub;

libburn/trunk/libburn/libburn.h

@@ -1127,7 +1127,9 @@ int burn_msf_to_lba(int m, int s, int f);
 */
 void burn_lba_to_msf(int lba, int *m, int *s, int *f);
 
-/** Create a new disc */
+/** Create a new disc
+    @return Pointer to a burn_disc object or NULL on failure.
+*/
 struct burn_disc *burn_disc_create(void);
 
 /** Delete disc and decrease the reference count on all its sessions
@@ -1135,7 +1137,9 @@ struct burn_disc *burn_disc_create(void);
 */
 void burn_disc_free(struct burn_disc *d);
 
-/** Create a new session */
+/** Create a new session
+    @return Pointer to a burn_session object or NULL on failure.
+ */
 struct burn_session *burn_session_create(void);
 
 /** Free a session (and decrease reference count on all tracks inside)
@@ -1264,7 +1268,12 @@ int burn_track_set_default_size(struct burn_track *t, off_t size);
 */
 void burn_source_free(struct burn_source *s);
 
-/** Creates a data source for an image file (and maybe subcode file) */
+/** Creates a data source for an image file (and maybe subcode file)
+    @param path The file address for the main channel payload.
+    @param subpath Eventual address for subchannel data. Only used in exotic
+                   raw write modes. Submit NULL for normal tasks.
+    @return Pointer to a burn_source object, NULL indicates failure
+*/
 struct burn_source *burn_file_source_new(const char *path,
 					 const char *subpath);
 
@@ -1272,9 +1281,11 @@ struct burn_source *burn_file_source_new(const char *path,
     readable filedescriptor, an eventually open readable subcodes file
     descriptor and eventually a fixed size in bytes.
     @param datafd The source of data.
-    @param subfd The eventual source for subcodes. Not used if -1.
+    @param subfd The eventual source of subchannel data. Only used in exotic
+                 raw write modes. Submit -1 for normal tasks.
     @param size The eventual fixed size of eventually both fds. 
                 If this value is 0, the size will be determined from datafd.
+    @return Pointer to a burn_source object, NULL indicates failure
 */
 struct burn_source *burn_fd_source_new(int datafd, int subfd, off_t size);
 

libburn/trunk/libburn/mmc.c

@@ -960,8 +960,9 @@ static int mmc_read_toc_al(struct burn_drive *d, int *alloc_len)
 		d->toc_entries = 0;
 		/* Prefering memory leaks over fandangos */
 		d->toc_entry = malloc(sizeof(struct burn_toc_entry));
-		memset(&(d->toc_entry[0]), 0, sizeof(struct burn_toc_entry));
+		if (d->toc_entry != NULL) /* ts A70825 */
-
+			memset(&(d->toc_entry[0]), 0,
+				 sizeof(struct burn_toc_entry));
 		return 0;
 	}
 
@@ -982,6 +983,8 @@ static int mmc_read_toc_al(struct burn_drive *d, int *alloc_len)
 	a ssert(((dlen - 2) % 11) == 0);
 */
 	d->toc_entry = malloc(d->toc_entries * sizeof(struct burn_toc_entry));
+	if(d->toc_entry == NULL) /* ts A70825 */
+		return 0;
 	for (i = 0; i < d->toc_entries; i++)
 		memset(&(d->toc_entry[i]), 0, sizeof(struct burn_toc_entry));
 	tdata = c.page->data + 4;
@@ -989,9 +992,13 @@ static int mmc_read_toc_al(struct burn_drive *d, int *alloc_len)
 	burn_print(12, "TOC:\n");
 
 	d->disc = burn_disc_create();
+	if (d->disc == NULL) /* ts A70825 */
+		return 0;
 
 	for (i = 0; i < c.page->data[3]; i++) {
 		session = burn_session_create();
+		if (session == NULL) /* ts A70825 */
+			return 0;
 		burn_disc_add_session(d->disc, session, BURN_POS_END);
 		burn_session_free(session);
 	}

libburn/trunk/libburn/source.c

@@ -34,6 +34,12 @@ struct burn_source *burn_source_new(void)
 	struct burn_source *out;
 
 	out = calloc(1, sizeof(struct burn_source));
+
+	/* ts A70825 */
+	if (out == NULL)
+		return NULL;
+	memset((char *) out, 0, sizeof(struct burn_source));
+
 	out->refcount = 1;
 	return out;
 }

libburn/trunk/libburn/structure.c

@@ -40,6 +40,8 @@ struct burn_disc *burn_disc_create(void)
 {
 	struct burn_disc *d;
 	d = calloc(1, sizeof(struct burn_disc));
+	if (d == NULL) /* ts A70825 */
+		return NULL;
 	d->refcnt = 1;
 	d->sessions = 0;
 	d->session = NULL;
@@ -64,6 +66,8 @@ struct burn_session *burn_session_create(void)
 {
 	struct burn_session *s;
 	s = calloc(1, sizeof(struct burn_session));
+	if (s == NULL) /* ts A70825 */
+		return NULL;
 	s->refcnt = 1;
 	s->tracks = 0;
 	s->track = NULL;
@@ -104,6 +108,8 @@ struct burn_track *burn_track_create(void)
 {
 	struct burn_track *t;
 	t = calloc(1, sizeof(struct burn_track));
+	if (t == NULL) /* ts A70825 */
+		return NULL;
 	t->refcnt = 1;
 	t->indices = 0;
 	t->offset = 0;