diff options
author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-05-24 22:58:41 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-08-15 16:52:24 -0700 |
commit | 787c4c79be18373f58aeaf2fe543f30fe3af2bd1 (patch) | |
tree | e0c0d9befb5b107a4a4c888ee5d54fb452df9025 | |
parent | 9089ae455f9df222aa85bbbcb4526874c0d97099 (diff) |
Ensure ARRAY* structs are zero'ed out when oversize values are passed
Previous fix missed a case in which we returned failure, but didn't
fill in the data pointer & size values.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r-- | Array.c | 44 |
1 files changed, 16 insertions, 28 deletions
@@ -55,80 +55,68 @@ xrealloc(void *ptr, size_t size) int XdmcpAllocARRAY8 (ARRAY8Ptr array, int length) { - CARD8Ptr newData; - /* length defined in ARRAY8 struct is a CARD16 (not CARD8 like the rest) */ if (length > UINT16_MAX) - return FALSE; + array->data = NULL; + else + array->data = xmalloc(length * sizeof (CARD8)); - newData = (CARD8Ptr) xmalloc(length * sizeof (CARD8)); - if (!newData) { + if (array->data == NULL) { array->length = 0; - array->data = NULL; return FALSE; } array->length = (CARD16) length; - array->data = newData; return TRUE; } int XdmcpAllocARRAY16 (ARRAY16Ptr array, int length) { - CARD16Ptr newData; - /* length defined in ARRAY16 struct is a CARD8 */ if (length > UINT8_MAX) - return FALSE; + array->data = NULL; + else + array->data = xmalloc(length * sizeof (CARD16)); - newData = (CARD16Ptr) xmalloc(length * sizeof (CARD16)); - if (!newData) { + if (array->data == NULL) { array->length = 0; - array->data = NULL; return FALSE; } array->length = (CARD8) length; - array->data = newData; return TRUE; } int XdmcpAllocARRAY32 (ARRAY32Ptr array, int length) { - CARD32Ptr newData; - /* length defined in ARRAY32 struct is a CARD8 */ if (length > UINT8_MAX) - return FALSE; + array->data = NULL; + else + array->data = xmalloc(length * sizeof (CARD32)); - newData = (CARD32Ptr) xmalloc(length * sizeof (CARD32)); - if (!newData) { + if (array->data == NULL) { array->length = 0; - array->data = NULL; return FALSE; } array->length = (CARD8) length; - array->data = newData; return TRUE; } int XdmcpAllocARRAYofARRAY8 (ARRAYofARRAY8Ptr array, int length) { - ARRAY8Ptr newData; - /* length defined in ARRAYofARRAY8 struct is a CARD8 */ if (length > UINT8_MAX) - return FALSE; + array->data = NULL; + else + array->data = xmalloc(length * sizeof (ARRAY8)); - newData = (ARRAY8Ptr) xmalloc(length * sizeof (ARRAY8)); - if (!newData) { + if (array->data == NULL) { array->length = 0; - array->data = NULL; return FALSE; } array->length = (CARD8) length; - array->data = newData; return TRUE; } |