[PATCH v3] tools/sdptool: Fix NULL pointer dereference

linux-bluetooth.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v3] tools/sdptool: Fix NULL pointer dereference
@ 2015-07-28  9:12 Atul Rai
  2015-07-29  7:07 ` Johan Hedberg
  0 siblings, 1 reply; 2+ messages in thread
From: Atul Rai @ 2015-07-28  9:12 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: sachin.dev

This patch fixes NULL pointer dereferences in case malloc fails
and returns NULL.
---
 tools/sdptool.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/tools/sdptool.c b/tools/sdptool.c
index 257964d..cd8bfb6 100644
--- a/tools/sdptool.c
+++ b/tools/sdptool.c
@@ -925,6 +925,11 @@ static int set_attribseq(sdp_session_t *session, uint32_t handle, uint16_t attri
 	valueArray = (void **)malloc(argc * sizeof(void *));
 	allocArray = (void **)malloc(argc * sizeof(void *));
 
+	if (!dtdArray || !valueArray || !allocArray) {
+		ret = -ENOMEM;
+		goto cleanup;
+	}
+
 	/* Loop on all args, add them in arrays */
 	for (i = 0; i < argc; i++) {
 		/* Check the type of attribute */
@@ -932,6 +937,11 @@ static int set_attribseq(sdp_session_t *session, uint32_t handle, uint16_t attri
 			/* UUID16 */
 			uint16_t value_int = strtoul((argv[i]) + 3, NULL, 16);
 			uuid_t *value_uuid = (uuid_t *) malloc(sizeof(uuid_t));
+			if (!value_uuid) {
+				ret = -ENOMEM;
+				goto cleanup;
+			}
+
 			allocArray[i] = value_uuid;
 			sdp_uuid16_create(value_uuid, value_int);
 
@@ -941,6 +951,11 @@ static int set_attribseq(sdp_session_t *session, uint32_t handle, uint16_t attri
 		} else if (!strncasecmp(argv[i], "0x", 2)) {
 			/* Int */
 			uint32_t *value_int = (uint32_t *) malloc(sizeof(int));
+			if (!value_int) {
+				ret = -ENOMEM;
+				goto cleanup;
+			}
+
 			allocArray[i] = value_int;
 			*value_int = strtoul((argv[i]) + 2, NULL, 16);
 
@@ -967,9 +982,14 @@ static int set_attribseq(sdp_session_t *session, uint32_t handle, uint16_t attri
 	} else
 		printf("Failed to create pSequenceHolder\n");
 
+cleanup:
+	if (ret == -ENOMEM)
+		printf("Memory allocation failed\n");
+
 	/* Cleanup */
 	for (i = 0; i < argc; i++)
-		free(allocArray[i]);
+		if (allocArray)
+			free(allocArray[i]);
 
 	free(dtdArray);
 	free(valueArray);
-- 
2.1.4


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH v3] tools/sdptool: Fix NULL pointer dereference
  2015-07-28  9:12 [PATCH v3] tools/sdptool: Fix NULL pointer dereference Atul Rai
@ 2015-07-29  7:07 ` Johan Hedberg
  0 siblings, 0 replies; 2+ messages in thread
From: Johan Hedberg @ 2015-07-29  7:07 UTC (permalink / raw)
  To: Atul Rai; +Cc: linux-bluetooth, sachin.dev

Hi Atul,

On Tue, Jul 28, 2015, Atul Rai wrote:
> This patch fixes NULL pointer dereferences in case malloc fails
> and returns NULL.
> ---
>  tools/sdptool.c | 22 +++++++++++++++++++++-
>  1 file changed, 21 insertions(+), 1 deletion(-)

Applied. Thanks.

Johan

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2015-07-29  7:07 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-07-28  9:12 [PATCH v3] tools/sdptool: Fix NULL pointer dereference Atul Rai
2015-07-29  7:07 ` Johan Hedberg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).