[Intel-gfx] [PATCH 08/12] drm: Validate memory allocations

Praveen Paneri praveen.paneri at intel.com
Thu Apr 2 01:32:23 PDT 2015


This patch adds check on various drmMalloc() calls if they
were able to allocate memory as requested or not. Return
appropriate error if the allocation fails.

Signed-off-by: Praveen Paneri <praveen.paneri at intel.com>
---
 xf86drm.c | 51 ++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 40 insertions(+), 11 deletions(-)

diff --git a/xf86drm.c b/xf86drm.c
index 1e25424..373113b 100644
--- a/xf86drm.c
+++ b/xf86drm.c
@@ -186,6 +186,8 @@ drmHashEntry *drmGetEntry(int fd)
 
     if (drmHashLookup(drmHashTable, key, &value)) {
 	entry           = drmMalloc(sizeof(*entry));
+	if (!entry)
+	    return NULL;
 	entry->fd       = fd;
 	entry->f        = NULL;
 	entry->tagTable = drmHashCreate();
@@ -837,6 +839,8 @@ drmVersionPtr drmGetVersion(int fd)
 {
     drmVersionPtr retval;
     drm_version_t *version = drmMalloc(sizeof(*version));
+    if (!version)
+	return NULL;
 
     memclear(*version);
 
@@ -864,7 +868,9 @@ drmVersionPtr drmGetVersion(int fd)
     if (version->desc_len) version->desc[version->desc_len] = '\0';
 
     retval = drmMalloc(sizeof(*retval));
-    drmCopyVersion(retval, version);
+    if (retval)
+        drmCopyVersion(retval, version);
+
     drmFreeKernelVersion(version);
     return retval;
 }
@@ -886,6 +892,8 @@ drmVersionPtr drmGetVersion(int fd)
 drmVersionPtr drmGetLibVersion(int fd)
 {
     drm_version_t *version = drmMalloc(sizeof(*version));
+    if (!version)
+	return NULL;
 
     /* Version history:
      *   NOTE THIS MUST NOT GO ABOVE VERSION 1.X due to drivers needing it
@@ -1294,14 +1302,25 @@ drmBufInfoPtr drmGetBufInfo(int fd)
 	}
 
 	retval = drmMalloc(sizeof(*retval));
+	if (!retval) {
+	    drmFree(info.list);
+	    return NULL;
+	}
+
 	retval->count = info.count;
 	retval->list  = drmMalloc(info.count * sizeof(*retval->list));
-	for (i = 0; i < info.count; i++) {
-	    retval->list[i].count     = info.list[i].count;
-	    retval->list[i].size      = info.list[i].size;
-	    retval->list[i].low_mark  = info.list[i].low_mark;
-	    retval->list[i].high_mark = info.list[i].high_mark;
+	if (retval->list) {
+	    for (i = 0; i < info.count; i++) {
+	        retval->list[i].count     = info.list[i].count;
+	        retval->list[i].size      = info.list[i].size;
+	        retval->list[i].low_mark  = info.list[i].low_mark;
+	        retval->list[i].high_mark = info.list[i].high_mark;
+	    }
+	} else {
+	    drmFree(retval);
+	    retval = NULL;
 	}
+
 	drmFree(info.list);
 	return retval;
     }
@@ -1345,13 +1364,23 @@ drmBufMapPtr drmMapBufs(int fd)
 	}
 
 	retval = drmMalloc(sizeof(*retval));
+	if (!retval) {
+	    drmFree(bufs.list);
+            return NULL;
+	}
+
 	retval->count = bufs.count;
 	retval->list  = drmMalloc(bufs.count * sizeof(*retval->list));
-	for (i = 0; i < bufs.count; i++) {
-	    retval->list[i].idx     = bufs.list[i].idx;
-	    retval->list[i].total   = bufs.list[i].total;
-	    retval->list[i].used    = 0;
-	    retval->list[i].address = bufs.list[i].address;
+	if (retval->list) {
+	    for (i = 0; i < bufs.count; i++) {
+	        retval->list[i].idx     = bufs.list[i].idx;
+	        retval->list[i].total   = bufs.list[i].total;
+	        retval->list[i].used    = 0;
+	        retval->list[i].address = bufs.list[i].address;
+	    }
+	} else {
+	    drmFree(retval);
+	    retval = NULL;
 	}
 
 	drmFree(bufs.list);
-- 
1.9.1



More information about the Intel-gfx mailing list