diff options
| author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2014-11-08 15:32:42 -0800 |
|---|---|---|
| committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2014-11-08 15:58:43 -0800 |
| commit | 333085a276a2bb2b156339cd9f8caa658ef4d1b6 (patch) | |
| tree | 9366d66bf8a0510762a2cd06e59e70722f1187d7 | |
| parent | 3735919092d164a5d4a76a47e6ae8281fbf89be1 (diff) | |
Ensure memory is initialized before use in PushRequestorQueue
If authLen <= 0, then we weren't initializing the authName & authData
pointers until after checking if all the allocations succeeded, but
if any allocations failed, we'd then try to free them before that.
Error: Uninitialised memory (CWE 456)
Possible access to uninitialised memory '&newreq->authData'
at line 590 of pmdb.c in function 'PushRequestorQueue'.
&newreq->authData allocated at line 559.
&newreq->authData uninitialised when authLen <= 0 at line 568.
at line 591 of pmdb.c in function 'PushRequestorQueue'.
&newreq->authData allocated at line 559.
&newreq->authData uninitialised when authLen <= 0 at line 568
and newreq->authName == NULL at line 574.
Possible access to uninitialised memory '&newreq->authName'
at line 588 of pmdb.c in function 'PushRequestorQueue'.
&newreq->authName allocated at line 559.
&newreq->authName uninitialised when authLen <= 0 at line 568.
at line 589 of pmdb.c in function 'PushRequestorQueue'.
&newreq->authName allocated at line 559.
&newreq->authName uninitialised when authLen <= 0 at line 568
and newreq->authName != NULL at line 574.
[ This bug was found by the Parfait 1.5.1 bug checking tool.
http://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13 ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
| -rw-r--r-- | pmdb.c | 6 |
1 files changed, 2 insertions, 4 deletions
@@ -570,6 +570,8 @@ PushRequestorQueue ( newreq->authName = (char *) malloc (strlen (authName) + 1); newreq->authData = (char *) malloc (authLen); } + else + newreq->authName = newreq->authData = NULL; if (!newreq->serviceName || !newreq->serverAddress || @@ -602,10 +604,6 @@ PushRequestorQueue ( strcpy (newreq->authName, authName); memcpy (newreq->authData, authData, authLen); } - else - { - newreq->authName = newreq->authData = NULL; - } newreq->requestor = requestor; newreq->listData = (char *) runList; |