Corrected memory management flaws found by Joris Dobbelsteen

This commit is contained in:
2007-08-25 08:58:41 +00:00
parent 5f66cf5d2f
commit 16a5bbacb4
6 changed files with 64 additions and 8 deletions

View File

@ -100,7 +100,7 @@ struct burn_source *burn_file_source_new(const char *path, const char *subpath)
fd1 = open(path, O_RDONLY);
if (fd1 == -1)
return NULL;
if (subpath) {
if (subpath != NULL) {
fd2 = open(subpath, O_RDONLY);
if (fd2 == -1) {
close(fd1);
@ -108,6 +108,16 @@ struct burn_source *burn_file_source_new(const char *path, const char *subpath)
}
}
fs = malloc(sizeof(struct burn_source_file));
/* ts A70825 */
if (fs == NULL) {
failure:;
close(fd1);
if (subpath != NULL)
close(fd2);
return NULL;
}
fs->datafd = fd1;
if (subpath)
@ -117,6 +127,13 @@ struct burn_source *burn_file_source_new(const char *path, const char *subpath)
fs->fixed_size = 0;
src = burn_source_new();
/* ts A70825 */
if (src == NULL) {
free((char *) fs);
goto failure;
}
src->read = file_read;
if (subpath)
src->read_sub = file_read_sub;
@ -139,11 +156,20 @@ struct burn_source *burn_fd_source_new(int datafd, int subfd, off_t size)
if (datafd == -1)
return NULL;
fs = malloc(sizeof(struct burn_source_file));
if (fs == NULL) /* ts A70825 */
return NULL;
fs->datafd = datafd;
fs->subfd = subfd;
fs->fixed_size = size;
src = burn_source_new();
/* ts A70825 */
if (src == NULL) {
free((char *) fs);
return NULL;
}
src->read = file_read;
if(subfd != -1)
src->read = file_read_sub;