MonetDB: Jul2017 - Malloc and realloc checks.

Sjoerd Mullender Wed, 26 Jul 2017 07:32:31 -0700

Changeset: e70f5d15e5ff for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=e70f5d15e5ff
Modified Files:
        gdk/gdk_posix.c
        gdk/gdk_utils.c
        monetdb5/mal/mal_readline.c
        monetdb5/modules/atoms/mcurl.c
        sql/common/sql_list.c
        sql/server/rel_optimizer.c
        sql/server/rel_select.c
        sql/server/sql_parser.y
        tools/mserver/mserver5.c
Branch: Jul2017
Log Message:


Malloc and realloc checks.


diffs (truncated from 493 to 300 lines):

diff --git a/gdk/gdk_posix.c b/gdk/gdk_posix.c
--- a/gdk/gdk_posix.c
+++ b/gdk/gdk_posix.c
@@ -1002,8 +1002,11 @@ int
 win_stat(const char *pathname, struct _stat64 *st)
 {
        char buf[128], *p = reduce_dir_name(pathname, buf, sizeof(buf));
-       int ret = _stat64(p, st);
+       int ret;
 
+       if (p == NULL)
+               return -1;
+       ret = _stat64(p, st);
        if (p != buf)
                free(p);
        return ret;
@@ -1013,8 +1016,11 @@ int
 win_rmdir(const char *pathname)
 {
        char buf[128], *p = reduce_dir_name(pathname, buf, sizeof(buf));
-       int ret = _rmdir(p);
+       int ret;
 
+       if (p == NULL)
+               return -1;
+       ret = _rmdir(p);
        if (ret < 0 && errno != ENOENT) {
                /* it could be the <expletive deleted> indexing
                 * service which prevents us from doing what we have a
@@ -1080,9 +1086,12 @@ int
 win_mkdir(const char *pathname, const int mode)
 {
        char buf[128], *p = reduce_dir_name(pathname, buf, sizeof(buf));
-       int ret = _mkdir(p);
+       int ret;
 
        (void) mode;
+       if (p == NULL)
+               return -1;
+       ret = _mkdir(p);
        if (p != buf)
                free(p);
        return ret;
diff --git a/gdk/gdk_utils.c b/gdk/gdk_utils.c
--- a/gdk/gdk_utils.c
+++ b/gdk/gdk_utils.c
@@ -521,6 +521,8 @@ GDKinit(opt *set, int setlen)
        }
 
        n = (opt *) malloc(setlen * sizeof(opt));
+       if (n == NULL)
+               GDKfatal("GDKinit: malloc failed\n");
        for (i = 0; i < setlen; i++) {
                int done = 0;
                int j;
@@ -1046,7 +1048,7 @@ GDKerror(const char *format, ...)
        }
        va_start(ap, format);
        if (vsnprintf(message + len, sizeof(message) - (len + 2), format, ap) < 
0)
-               strcpy(message, GDKERROR "an error occurred within GDKerror, 
possibly malloc failure.\n");
+               strcpy(message, GDKERROR "an error occurred within 
GDKerror.\n");
        va_end(ap);
 
        GDKaddbuf(message);
@@ -1400,7 +1402,8 @@ THRprintf(stream *s, const char *format,
                if (bf != THRprintbuf)
                        free(bf);
                bf = (str) malloc(bfsz);
-               assert(bf != NULL);
+               if (bf == NULL)
+                       return -1;
        } while (1);
 
        p += n;
diff --git a/monetdb5/mal/mal_readline.c b/monetdb5/mal/mal_readline.c
--- a/monetdb5/mal/mal_readline.c
+++ b/monetdb5/mal/mal_readline.c
@@ -118,13 +118,15 @@ readConsole(Client cntxt)
        if( buf) {
                size_t len= strlen(buf);
                if( len >= cntxt->fdin->size) {
+                       char *nbuf;
                        /* extremly dirty inplace buffer overwriting */
-                       cntxt->fdin->buf= realloc(cntxt->fdin->buf, len+1);
-                       if( cntxt->fdin->buf == NULL) {
+                       nbuf= realloc(cntxt->fdin->buf, len+1);
+                       if( nbuf == NULL) {
                                GDKerror("readConsole: " MAL_MALLOC_FAIL);
                                free(buf);
                                goto bailout;
                        }
+                       cntxt->fdin->buf = nbuf;
                        cntxt->fdin->size = len;
                }
                strcpy(cntxt->fdin->buf, buf);
diff --git a/monetdb5/modules/atoms/mcurl.c b/monetdb5/modules/atoms/mcurl.c
--- a/monetdb5/modules/atoms/mcurl.c
+++ b/monetdb5/modules/atoms/mcurl.c
@@ -35,13 +35,17 @@ WriteMemoryCallback(void *contents, size
 {
        size_t realsize = size * nmemb;
        struct MemoryStruct *mem = (struct MemoryStruct *)userp;
+       char *nmem;
 
-       mem->memory = realloc(mem->memory, mem->size + realsize + 1);
-       if(mem->memory == NULL) {
+       nmem = realloc(mem->memory, mem->size + realsize + 1);
+       if(nmem == NULL) {
                /* out of memory! */
-               printf("not enough memory (realloc returned NULL)\n");
+               free(mem->memory);
+               mem->memory = NULL;
+               fprintf(stderr, "mcurl module: not enough memory (realloc 
returned NULL)\n");
                return 0;
        }
+       mem->memory = nmem;
 
        memcpy(&(mem->memory[mem->size]), contents, realsize);
        mem->size += realsize;
@@ -62,6 +66,8 @@ handle_get_request(str *retval, str *url
        struct MemoryStruct chunk;
 
        chunk.memory = malloc(1);  /* will be grown as needed by the realloc 
above */
+       if (chunk.memory == NULL)
+               throw(MAL, "mcurl.getrequest", MAL_MALLOC_FAIL);
        chunk.size = 0;    /* no data at this point */
 
        curl_global_init(CURL_GLOBAL_ALL);
@@ -128,6 +134,8 @@ handle_put_request(str *retval, str *url
        struct MemoryStruct chunk;
 
        chunk.memory = malloc(1);  /* will be grown as needed by the realloc 
above */
+       if (chunk.memory == NULL)
+               throw(MAL, "mcurl.putrequest", MAL_MALLOC_FAIL);
        chunk.size = 0;    /* no data at this point */
 
        curl_global_init(CURL_GLOBAL_ALL);
@@ -153,7 +161,7 @@ handle_put_request(str *retval, str *url
 
        /* check for errors */
        if(res != CURLE_OK) {
-               msg = createException(MAL, "mcurl.deleterequest",
+               msg = createException(MAL, "mcurl.putrequest",
                                                          "curl_easy_perform() 
failed: %s\n", curl_easy_strerror(res));
        } else {
                /*
@@ -194,6 +202,8 @@ handle_post_request(str *retval, str *ur
        struct MemoryStruct chunk;
 
        chunk.memory = malloc(1);  /* will be grown as needed by the realloc 
above */
+       if (chunk.memory == NULL)
+               throw(MAL, "mcurl.postrequest", MAL_MALLOC_FAIL);
        chunk.size = 0;    /* no data at this point */
 
        curl_global_init(CURL_GLOBAL_ALL);
@@ -219,7 +229,7 @@ handle_post_request(str *retval, str *ur
 
        /* check for errors */
        if(res != CURLE_OK) {
-               msg = createException(MAL, "mcurl.deleterequest",
+               msg = createException(MAL, "mcurl.postrequest",
                                                          "curl_easy_perform() 
failed: %s\n", curl_easy_strerror(res));
        } else {
                /*
@@ -261,6 +271,8 @@ handle_delete_request(str *retval, str *
        struct MemoryStruct chunk;
 
        chunk.memory = malloc(1);  /* will be grown as needed by the realloc 
above */
+       if (chunk.memory == NULL)
+               throw(MAL, "mcurl.deleterequest", MAL_MALLOC_FAIL);
        chunk.size = 0;    /* no data at this point */
 
        curl_global_init(CURL_GLOBAL_ALL);
diff --git a/sql/common/sql_list.c b/sql/common/sql_list.c
--- a/sql/common/sql_list.c
+++ b/sql/common/sql_list.c
@@ -388,11 +388,19 @@ list_match(list *l1, list *l2, fcmp cmp)
 list *
 list_keysort(list *l, int *keys, fdup dup)
 {
-       list *res = list_new_(l);
+       list *res;
        node *n = NULL;
        int i, j, *pos, cnt = list_length(l);
 
        pos = (int*)malloc(cnt*sizeof(int));
+       if (pos == NULL) {
+               return NULL;
+       }
+       res = list_new_(l);
+       if (res == NULL) {
+               free(pos);
+               return NULL;
+       }
        for (n = l->h, i = 0; n; n = n->next, i++) {
                pos[i] = i;
        }
@@ -410,12 +418,25 @@ list_keysort(list *l, int *keys, fdup du
 list *
 list_sort(list *l, fkeyvalue key, fdup dup)
 {
-       list *res = list_new_(l);
+       list *res;
        node *n = NULL;
        int i, j, *keys, *pos, cnt = list_length(l);
 
        keys = (int*)malloc(cnt*sizeof(int));
        pos = (int*)malloc(cnt*sizeof(int));
+       if (keys == NULL || pos == NULL) {
+               if (keys)
+                       free(keys);
+               if (pos)
+                       free(pos);
+               return NULL;
+       }
+       res = list_new_(l);
+       if (res == NULL) {
+               free(keys);
+               free(pos);
+               return NULL;
+       }
        for (n = l->h, i = 0; n; n = n->next, i++) {
                keys[i] = key(n->data);
                pos[i] = i;
diff --git a/sql/server/rel_optimizer.c b/sql/server/rel_optimizer.c
--- a/sql/server/rel_optimizer.c
+++ b/sql/server/rel_optimizer.c
@@ -597,13 +597,26 @@ exps_count(list *exps)
 static list *
 order_join_expressions(mvc *sql, list *dje, list *rels)
 {
-       list *res = sa_list(sql->sa);
+       list *res;
        node *n = NULL;
        int i, j, *keys, *pos, cnt = list_length(dje);
        int debug = mvc_debug_on(sql, 16);
 
        keys = (int*)malloc(cnt*sizeof(int));
        pos = (int*)malloc(cnt*sizeof(int));
+       if (keys == NULL || pos == NULL) {
+               if (keys)
+                       free(keys);
+               if (pos)
+                       free(pos);
+               return NULL;
+       }
+       res = sa_list(sql->sa);
+       if (res == NULL) {
+               free(keys);
+               free(pos);
+               return NULL;
+       }
        for (n = dje->h, i = 0; n; n = n->next, i++) {
                sql_exp *e = n->data;
 
@@ -4824,6 +4837,15 @@ rel_reduce_groupby_exps(int *changes, mv
                gbe = rel->r;
                tbls = (sql_table**)malloc(sizeof(sql_table*)*list_length(gbe));
                bts = (sql_rel**)malloc(sizeof(sql_rel*)*list_length(gbe));
+               if (scores == NULL || tbls == NULL || bts == NULL) {
+                       if (scores)
+                               free(scores);
+                       if (tbls)
+                               free(tbls);
+                       if (bts)
+                               free(bts);
+                       return NULL;
+               }
                for (k = 0, i = 0, n = gbe->h; n; n = n->next, k++) {
                        sql_exp *e = n->data;
 
diff --git a/sql/server/rel_select.c b/sql/server/rel_select.c
--- a/sql/server/rel_select.c
+++ b/sql/server/rel_select.c
@@ -3316,8 +3316,9 @@ static sql_exp *
        if (!groupby) {
                char *uaname = malloc(strlen(aname) + 1);
                sql_exp *e = sql_error(sql, 02, "%s: missing group by",
-                               toUpperCopy(uaname, aname));
-               free(uaname);
+                                      uaname ? toUpperCopy(uaname, aname) : 
aname);
+               if (uaname)
+                       free(uaname);
                return e;
        }
 
@@ -3344,8 +3345,9 @@ static sql_exp *
        if (f == sql_where) {
                char *uaname = malloc(strlen(aname) + 1);
                sql_exp *e = sql_error(sql, 02, "%s: not allowed in WHERE 
clause",
-                               toUpperCopy(uaname, aname));
-               free(uaname);
+                                      uaname ? toUpperCopy(uaname, aname) : 
aname);
+               if (uaname)
+                       free(uaname);
                return e;
        }
        
@@ -3355,8 +3357,9 @@ static sql_exp *
                if (strcmp(aname, "count") != 0) {
_______________________________________________
checkin-list mailing list
[email protected]
https://www.monetdb.org/mailman/listinfo/checkin-list

MonetDB: Jul2017 - Malloc and realloc checks.

Reply via email to