From f129014ca4cc1e38749934c5089b8bcb2ab3ea35 Mon Sep 17 00:00:00 2001
From: Gerhard Sittig
Date: Thu, 8 Feb 2018 22:11:58 +0100
Subject: [PATCH] session: fixup access to uninitialized memory

The sr_packet_copy() routine could have written to an arbitrary memory location. Make sure to allocate the space before writing to it, and check for successful allocation before accessing the memory. It's assumed that this error never took effect, as the routine appears to be unused. This was reported by clang's scan-build.
---
 src/session.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/session.c b/src/session.c
index ad39ddcf..0620b222 100644
--- a/src/session.c
+++ b/src/session.c
@@ -1484,8 +1484,13 @@ SR_PRIV int sr_packet_copy(const struct sr_datafeed_packet *packet,
 case SR_DF_LOGIC:
 logic = packet->payload;
 logic_copy = g_malloc(sizeof(*logic_copy));
+ if (!logic_copy)
+ return SR_ERR;
 logic_copy->length = logic->length;
 logic_copy->unitsize = logic->unitsize;
+ logic_copy->data = g_malloc(logic->length * logic->unitsize);
+ if (!logic_copy->data)
+ return SR_ERR;
 memcpy(logic_copy->data, logic->data, logic->length * logic->unitsize);
 (*copy)->payload = logic_copy;
 break;
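Review bot: The second `return SR_ERR` (after the `logic_copy->data` allocation) leaks `logic_copy`, and presumably also whatever sr_packet_copy() allocated for `*copy` before this case; the function starts and ends outside the hunk, so that part is inferred. Both new NULL checks are also ineffective as out-of-memory handling, because `g_malloc()` aborts the process on failure and returns NULL only for a zero-byte request, so the second check in practice rejects a zero-length logic packet rather than a failed allocation. If failure is meant to be reported to the caller, use the try variant with an overflow-checked size and release the partial copy: `logic_copy->data = g_try_malloc_n(logic->length, logic->unitsize);` followed by `if (!logic_copy->data) { g_free(logic_copy); return SR_ERR; }`, with an explicit decision on whether an empty payload is an error. Computing the byte count once into a local and reusing it in the `memcpy()` would keep the allocation and copy sizes in step.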