[PATCH 1/3 v2] Check zalloc return for out of memory situation

Thu Apr 24 06:27:19 PDT 2014

On Tue, 22 Apr 2014 01:54:03 +0000
"Bryce W. Harrington" <b.harrington at samsung.com> wrote:

> Most zalloc calls in weston are checked, this fixes a handful that were
> being ignored.  As found by `grep -EIsr "[^x]zalloc\(" . -A1`
> 
> Update: Drop the chunk in screen-share.c; Hardening already fixed the
> zalloc check in commit e57d1f21.
> 
> Signed-off-by: Bryce Harrington <b.harrington at samsung.com>
> ---
>  src/compositor-wayland.c |    6 ++++++
>  src/libinput-seat.c      |    2 +-
>  src/screenshooter.c      |   33 ++++++++++++++++++++-------------
>  src/udev-seat.c          |    2 +-
>  4 files changed, 28 insertions(+), 15 deletions(-)
> 
> diff --git a/src/compositor-wayland.c b/src/compositor-wayland.c
> index f35db9c..67f15be 100644
> --- a/src/compositor-wayland.c
> +++ b/src/compositor-wayland.c
> @@ -256,6 +256,12 @@ wayland_output_get_shm_buffer(struct wayland_output *output)
>  	}
>  
>  	sb = zalloc(sizeof *sb);
> +	if (sb == NULL) {
> +		weston_log("could not zalloc %ld memory for sb: %m\n", sizeof *sb);
> +		close(fd);
> +		free(data);
> +		return NULL;
> +	}
>  
>  	sb->output = output;
>  	wl_list_init(&sb->free_link);
> diff --git a/src/libinput-seat.c b/src/libinput-seat.c
> index 8bf538c..acb29d7 100644
> --- a/src/libinput-seat.c
> +++ b/src/libinput-seat.c
> @@ -330,9 +330,9 @@ udev_seat_create(struct udev_input *input, const char *seat_name)
>  	struct udev_seat *seat;
>  
>  	seat = zalloc(sizeof *seat);
> -
>  	if (!seat)
>  		return NULL;
> +
>  	weston_seat_init(&seat->base, c, seat_name);
>  	seat->base.led_update = udev_seat_led_update;
>  
> diff --git a/src/screenshooter.c b/src/screenshooter.c
> index 02146c8..369e920 100644
> --- a/src/screenshooter.c
> +++ b/src/screenshooter.c
> @@ -450,6 +450,17 @@ weston_recorder_frame_notify(struct wl_listener *listener, void *data)
>  }
>  
>  static void
> +weston_recorder_free(struct weston_recorder *recorder)
> +{
> +	if (recorder == NULL)
> +		return;
> +	free(recorder->rect);
> +	free(recorder->tmpbuf);
> +	free(recorder->frame);
> +	free(recorder);
> +}
> +
> +static void
>  weston_recorder_create(struct weston_output *output, const char *filename)
>  {
>  	struct weston_compositor *compositor = output->compositor;
> @@ -461,7 +472,6 @@ weston_recorder_create(struct weston_output *output, const char *filename)
>  	do_yflip = !!(compositor->capabilities & WESTON_CAP_CAPTURE_YFLIP);
>  
>  	recorder = malloc(sizeof *recorder);
> -
>  	if (recorder == NULL) {
>  		weston_log("%s: out of memory\n", __func__);
>  		return;
> @@ -476,6 +486,12 @@ weston_recorder_create(struct weston_output *output, const char *filename)
>  	recorder->destroying = 0;
>  	recorder->output = output;
>  
> +	if ((recorder->frame == NULL) || (recorder->rect == NULL)) {
> +		weston_log("%s: out of memory\n", __func__);
> +		weston_recorder_free(recorder);
> +		return;
> +	}
> +
>  	if (do_yflip)
>  		recorder->tmpbuf = NULL;
>  	else
> @@ -493,10 +509,7 @@ weston_recorder_create(struct weston_output *output, const char *filename)
>  		break;
>  	default:
>  		weston_log("unknown recorder format\n");
> -		free(recorder->rect);
> -		free(recorder->tmpbuf);
> -		free(recorder->frame);
> -		free(recorder);
> +		weston_recorder_free(recorder);
>  		return;
>  	}
>  
> @@ -505,10 +518,7 @@ weston_recorder_create(struct weston_output *output, const char *filename)
>  
>  	if (recorder->fd < 0) {
>  		weston_log("problem opening output file %s: %m\n", filename);
> -		free(recorder->rect);
> -		free(recorder->tmpbuf);
> -		free(recorder->frame);
> -		free(recorder);
> +		weston_recorder_free(recorder);
>  		return;
>  	}
>  
> @@ -527,11 +537,8 @@ weston_recorder_destroy(struct weston_recorder *recorder)
>  {
>  	wl_list_remove(&recorder->frame_listener.link);
>  	close(recorder->fd);
> -	free(recorder->tmpbuf);
> -	free(recorder->frame);
> -	free(recorder->rect);
>  	recorder->output->disable_planes--;
> -	free(recorder);
> +	weston_recorder_free(recorder);
>  }
>  
>  static void
> diff --git a/src/udev-seat.c b/src/udev-seat.c
> index 5e018de..cd2f6a9 100644
> --- a/src/udev-seat.c
> +++ b/src/udev-seat.c
> @@ -373,9 +373,9 @@ udev_seat_create(struct udev_input *input, const char *seat_name)
>  	struct udev_seat *seat;
>  
>  	seat = zalloc(sizeof *seat);
> -
>  	if (!seat)
>  		return NULL;
> +
>  	weston_seat_init(&seat->base, c, seat_name);
>  	seat->base.led_update = drm_led_update;
>  

Patches 1 and 2 seem fine to me.

Thanks,
pq