mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-19 18:33:16 +00:00
Coverity: fix assorted static analysis issues
RTF: - Coverity-344490: Use cli_realloc instead of cli_realloc2. cli_realloc2 will free the memory if the allocation fails, though we also free the memory later in SCAN_CLEANUP. - Fix warning about unused variable. AutoIt: - Fix possible memory leaks of input and output buffers. - Set pointer to NULL after handing off memory to new pointer.
This commit is contained in:
parent
f79f942150
commit
3e8a9af4df
2 changed files with 17 additions and 3 deletions
|
@ -761,6 +761,10 @@ static cl_error_t ea05(cli_ctx *ctx, const uint8_t *base, char *tmpd)
|
||||||
cli_dbgmsg("autoit: file is compressed\n");
|
cli_dbgmsg("autoit: file is compressed\n");
|
||||||
if (cli_readint32(UNP.inputbuf) != 0x35304145) {
|
if (cli_readint32(UNP.inputbuf) != 0x35304145) {
|
||||||
cli_dbgmsg("autoit: bad magic or unsupported version\n");
|
cli_dbgmsg("autoit: bad magic or unsupported version\n");
|
||||||
|
// Free this inputbuf and set back to NULL.
|
||||||
|
free(UNP.inputbuf);
|
||||||
|
UNP.inputbuf = NULL;
|
||||||
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -769,6 +773,10 @@ static cl_error_t ea05(cli_ctx *ctx, const uint8_t *base, char *tmpd)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (cli_checklimits("autoit", ctx, UNP.usize, 0, 0) != CL_CLEAN) {
|
if (cli_checklimits("autoit", ctx, UNP.usize, 0, 0) != CL_CLEAN) {
|
||||||
|
// Free this inputbuf and set back to NULL.
|
||||||
|
free(UNP.inputbuf);
|
||||||
|
UNP.inputbuf = NULL;
|
||||||
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -848,12 +856,16 @@ static cl_error_t ea05(cli_ctx *ctx, const uint8_t *base, char *tmpd)
|
||||||
*/
|
*/
|
||||||
cli_dbgmsg("autoit: file is not compressed\n");
|
cli_dbgmsg("autoit: file is not compressed\n");
|
||||||
UNP.outputbuf = UNP.inputbuf;
|
UNP.outputbuf = UNP.inputbuf;
|
||||||
UNP.usize = UNP.csize;
|
UNP.inputbuf = NULL;
|
||||||
|
|
||||||
|
UNP.usize = UNP.csize;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (UNP.usize < 4) {
|
if (UNP.usize < 4) {
|
||||||
cli_dbgmsg("autoit: file is too short\n");
|
cli_dbgmsg("autoit: file is too short\n");
|
||||||
free(UNP.outputbuf);
|
free(UNP.outputbuf);
|
||||||
|
UNP.outputbuf = NULL;
|
||||||
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -167,9 +167,11 @@ static int push_state(struct stack* stack, struct rtf_state* state)
|
||||||
/* grow stack */
|
/* grow stack */
|
||||||
struct rtf_state* states;
|
struct rtf_state* states;
|
||||||
stack->stack_size += 128;
|
stack->stack_size += 128;
|
||||||
states = cli_realloc2(stack->states, stack->stack_size * sizeof(*stack->states));
|
states = cli_realloc(stack->states, stack->stack_size * sizeof(*stack->states));
|
||||||
if (!states)
|
if (!states) {
|
||||||
|
// Realloc failed. Note that stack->states has not been freed and must still be cleaned up by the caller.
|
||||||
return CL_EMEM;
|
return CL_EMEM;
|
||||||
|
}
|
||||||
stack->states = states;
|
stack->states = states;
|
||||||
}
|
}
|
||||||
stack->states[stack->stack_cnt++] = *state;
|
stack->states[stack->stack_cnt++] = *state;
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue