Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 18:33:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

Coverity: fix assorted static analysis issues

Browse source 
RTF:
- Coverity-344490: Use cli_realloc instead of cli_realloc2.
  cli_realloc2 will free the memory if the allocation fails, though we
  also free the memory later in SCAN_CLEANUP.
- Fix warning about unused variable.

AutoIt:
- Fix possible memory leaks of input and output buffers.
- Set pointer to NULL after handing off memory to new pointer.
This commit is contained in:
Micah Snyder 2023-04-17 11:39:18 -07:00 committed by Micah Snyder
parent f79f942150
commit 3e8a9af4df
2 changed files with 17 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

14
libclamav/autoit.c
View file

@ -761,6 +761,10 @@ static cl_error_t ea05(cli_ctx *ctx, const uint8_t *base, char *tmpd)
cli_dbgmsg("autoit: file is compressed\n"); cli_dbgmsg("autoit: file is compressed\n");
if (cli_readint32(UNP.inputbuf) != 0x35304145) { if (cli_readint32(UNP.inputbuf) != 0x35304145) {
cli_dbgmsg("autoit: bad magic or unsupported version\n"); cli_dbgmsg("autoit: bad magic or unsupported version\n");
// Free this inputbuf and set back to NULL.
free(UNP.inputbuf);
UNP.inputbuf = NULL;
continue; continue;
} }
@ -769,6 +773,10 @@ static cl_error_t ea05(cli_ctx *ctx, const uint8_t *base, char *tmpd)
} }
if (cli_checklimits("autoit", ctx, UNP.usize, 0, 0) != CL_CLEAN) { if (cli_checklimits("autoit", ctx, UNP.usize, 0, 0) != CL_CLEAN) {
// Free this inputbuf and set back to NULL.
free(UNP.inputbuf);
UNP.inputbuf = NULL;
continue; continue;
} }
@ -848,12 +856,16 @@ static cl_error_t ea05(cli_ctx *ctx, const uint8_t *base, char *tmpd)
*/ */
cli_dbgmsg("autoit: file is not compressed\n"); cli_dbgmsg("autoit: file is not compressed\n");
UNP.outputbuf = UNP.inputbuf; UNP.outputbuf = UNP.inputbuf;
UNP.usize = UNP.csize; UNP.inputbuf = NULL;
UNP.usize = UNP.csize;
} }
if (UNP.usize < 4) { if (UNP.usize < 4) {
cli_dbgmsg("autoit: file is too short\n"); cli_dbgmsg("autoit: file is too short\n");
free(UNP.outputbuf); free(UNP.outputbuf);
UNP.outputbuf = NULL;
continue; continue;
} }

6
libclamav/rtf.c
View file

@ -167,9 +167,11 @@ static int push_state(struct stack* stack, struct rtf_state* state)
/* grow stack */ /* grow stack */
struct rtf_state* states; struct rtf_state* states;
stack->stack_size += 128; stack->stack_size += 128;
states = cli_realloc2(stack->states, stack->stack_size * sizeof(*stack->states)); states = cli_realloc(stack->states, stack->stack_size * sizeof(*stack->states));
if (!states) if (!states) {
// Realloc failed. Note that stack->states has not been freed and must still be cleaned up by the caller.
return CL_EMEM; return CL_EMEM;
}
stack->states = states; stack->states = states;
} }
stack->states[stack->stack_cnt++] = *state; stack->states[stack->stack_cnt++] = *state;