[PATCH ] sdp: Fix memory issues to avoid potential crash

[PATCH ] sdp: Fix memory issues to avoid potential crash

[Vikrampal Yadav]

NULL pointer check added to handle memory allocation
failure scenarios.
---
 src/sdp-xml.c       | 16 +++++++++++++++-
 src/sdpd-database.c |  4 ++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/sdp-xml.c b/src/sdp-xml.c
index 6492781..a9c4723 100644
--- a/src/sdp-xml.c
+++ b/src/sdp-xml.c
@@ -91,6 +91,10 @@ static struct sdp_xml_data *sdp_xml_data_alloc(void)
 	/* Null terminate the text */
 	elem->size = DEFAULT_XML_DATA_SIZE;
 	elem->text = malloc(DEFAULT_XML_DATA_SIZE);
+	if (!elem->text) {
+		free(elem);
+		return NULL;
+	}
 	elem->text[0] = '\0';
 
 	return elem;
@@ -333,6 +337,8 @@ static char *sdp_xml_parse_string_decode(const char *data, char encoding,
 		int i;
 
 		decoded = malloc((len >> 1) + 1);
+		if (!decoded)
+			return NULL;
 
 		/* Ensure the string is a power of 2 */
 		len = (len >> 1) << 1;
@@ -823,7 +829,7 @@ static void convert_raw_data_to_xml(sdp_data_t *value, int indent_level,
 	{
 		int num_chars_to_escape = 0;
 		int length = value->unitSize - 1;
-		char *strBuf = 0;
+		char *strBuf;
 
 		hex = 0;
 
@@ -850,6 +856,10 @@ static void convert_raw_data_to_xml(sdp_data_t *value, int indent_level,
 			appender(data, "encoding=\"hex\" ");
 			strBuf = malloc(sizeof(char)
 						 * ((value->unitSize-1) * 2 + 1));
+			if (!strBuf) {
+				DBG("No memory to convert raw data to xml");
+				return;
+			}
 
 			/* Unit Size seems to include the size for dtd
 			   It is thus off by 1
@@ -866,6 +876,10 @@ static void convert_raw_data_to_xml(sdp_data_t *value, int indent_level,
 			/* escape the XML disallowed chars */
 			strBuf = malloc(sizeof(char) *
 					(value->unitSize + 1 + num_chars_to_escape * 4));
+			if (!strBuf) {
+				DBG("No memory to convert raw data to xml");
+				return;
+			}
 			for (i = 0, j = 0; i < length; i++) {
 				if (value->val.str[i] == '&') {
 					strBuf[j++] = '&';
diff --git a/src/sdpd-database.c b/src/sdpd-database.c
index f65a526..e825f69 100644
--- a/src/sdpd-database.c
+++ b/src/sdpd-database.c
@@ -157,6 +157,10 @@ static int compare_indices(const void *i1, const void *i2)
 void sdp_svcdb_set_collectable(sdp_record_t *record, int sock)
 {
 	sdp_indexed_t *item = malloc(sizeof(sdp_indexed_t));
+	if (!item) {
+		SDPDBG("No memory");
+		return;
+	}
 	item->sock = sock;
 	item->record = record;
 	socket_index = sdp_list_insert_sorted(socket_index, item, compare_indices);
-- 
1.9.1

Re: [PATCH ] sdp: Fix memory issues to avoid potential crash

[Johan Hedberg]

Hi Vikram,

On Mon, Jun 16, 2014, Vikrampal Yadav wrote:
> NULL pointer check added to handle memory allocation
> failure scenarios.
> ---
>  src/sdp-xml.c       | 16 +++++++++++++++-
>  src/sdpd-database.c |  4 ++++
>  2 files changed, 19 insertions(+), 1 deletion(-)

Thanks. The patch has now been applied (after one more tiny coding-style
improvement).

One thing that I'm surprised you didn't send another patch for is that
this patch exposes two missing NULL checks for the calls to the
sdp_xml_parse_string_decode() function. You should have seen those if
you were compiling the source tree with ./bootstrap-configure, or at
least with --enable-maintainer-mode. Please do that for all future patch
submissions. For this time I went ahead and applied an extra patch to
fix these missing checks.

Johan