Corrected memory management flaws found by Joris Dobbelsteen
This commit is contained in:
@ -100,7 +100,7 @@ struct burn_source *burn_file_source_new(const char *path, const char *subpath)
|
||||
fd1 = open(path, O_RDONLY);
|
||||
if (fd1 == -1)
|
||||
return NULL;
|
||||
if (subpath) {
|
||||
if (subpath != NULL) {
|
||||
fd2 = open(subpath, O_RDONLY);
|
||||
if (fd2 == -1) {
|
||||
close(fd1);
|
||||
@ -108,6 +108,16 @@ struct burn_source *burn_file_source_new(const char *path, const char *subpath)
|
||||
}
|
||||
}
|
||||
fs = malloc(sizeof(struct burn_source_file));
|
||||
|
||||
/* ts A70825 */
|
||||
if (fs == NULL) {
|
||||
failure:;
|
||||
close(fd1);
|
||||
if (subpath != NULL)
|
||||
close(fd2);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
fs->datafd = fd1;
|
||||
|
||||
if (subpath)
|
||||
@ -117,6 +127,13 @@ struct burn_source *burn_file_source_new(const char *path, const char *subpath)
|
||||
fs->fixed_size = 0;
|
||||
|
||||
src = burn_source_new();
|
||||
|
||||
/* ts A70825 */
|
||||
if (src == NULL) {
|
||||
free((char *) fs);
|
||||
goto failure;
|
||||
}
|
||||
|
||||
src->read = file_read;
|
||||
if (subpath)
|
||||
src->read_sub = file_read_sub;
|
||||
@ -139,11 +156,20 @@ struct burn_source *burn_fd_source_new(int datafd, int subfd, off_t size)
|
||||
if (datafd == -1)
|
||||
return NULL;
|
||||
fs = malloc(sizeof(struct burn_source_file));
|
||||
if (fs == NULL) /* ts A70825 */
|
||||
return NULL;
|
||||
fs->datafd = datafd;
|
||||
fs->subfd = subfd;
|
||||
fs->fixed_size = size;
|
||||
|
||||
src = burn_source_new();
|
||||
|
||||
/* ts A70825 */
|
||||
if (src == NULL) {
|
||||
free((char *) fs);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
src->read = file_read;
|
||||
if(subfd != -1)
|
||||
src->read = file_read_sub;
|
||||
|
Reference in New Issue
Block a user