catch possible reallocs that can return NULL which dereferrenced later

Mindwerks · Apr 3, 2024 · 6721ab9 · 6721ab9
1 parent dbda2ca
commit 6721ab9
Show file tree

Hide file tree

Showing 6 changed files with 77 additions and 14 deletions.
diff --git a/src/f_midi.c b/src/f_midi.c
@@ -474,6 +474,7 @@ _WM_Event2Midi(struct _mdi *mdi, uint8_t **out, uint32_t *outsize) {
     uint32_t track_size = 0;
     uint32_t track_start = 0;
     uint32_t track_count = 0;
+    uint8_t *new_out;
 
     if (!mdi->event_count) {
         _WM_GLOBAL_ERROR(WM_ERR_CONVERT, "(No events to convert)", 0);
@@ -1014,7 +1015,13 @@ _WM_Event2Midi(struct _mdi *mdi, uint8_t **out, uint32_t *outsize) {
     (*out)[10] = (track_count >> 8) & 0xff;
     (*out)[11] = track_count & 0xff;
 
-    (*out) = (uint8_t *) realloc((*out), out_ofs);
+    new_out = (uint8_t *) realloc((*out), out_ofs);
+    if (!new_out) {
+        free(out);
+        _WM_GLOBAL_ERROR(WM_ERR_MEM, "Unable to reallocate memory.", 0);
+        return -1;
+    }
+    *out = new_out;
     (*outsize) = out_ofs;
 
     return 0;

diff --git a/src/internal_midi.c b/src/internal_midi.c
@@ -547,9 +547,16 @@ float _WM_GetSamplesPerTick(uint32_t divisions, uint32_t tempo) {
 
 static void _WM_CheckEventMemoryPool(struct _mdi *mdi) {
     if ((mdi->event_count + 1) >= mdi->events_size) {
+        struct _event * new_events;
         mdi->events_size += MEM_CHUNK;
-        mdi->events = (struct _event *) realloc(mdi->events,
-                              (mdi->events_size * sizeof(struct _event)));
+        new_events = (struct _event *)
+                realloc(mdi->events, (mdi->events_size * sizeof(struct _event)));
+        if (!new_events){
+            free(mdi->events);
+            _WM_GLOBAL_ERROR(WM_ERR_MEM, "Unable to reallocate memory.", 0);
+            return;
+        }
+        mdi->events = new_events;
     }
 }
 
@@ -2147,7 +2154,13 @@ uint32_t _WM_SetupMidiEvent(struct _mdi *mdi, const uint8_t * event_data, uint32
 
                     /* Copy copyright info in the getinfo struct */
                     if (mdi->extra_info.copyright) {
-                        mdi->extra_info.copyright = (char *) realloc(mdi->extra_info.copyright,(strlen(mdi->extra_info.copyright) + 1 + tmp_length + 1));
+                        char * new_copyright =  (char *) realloc(mdi->extra_info.copyright,(strlen(mdi->extra_info.copyright) + 1 + tmp_length + 1));
+                        if (!new_copyright){
+                            free(mdi->extra_info.copyright);
+                            _WM_GLOBAL_ERROR(WM_ERR_MEM, "Unable to reallocate memory.", 0);
+                            return(0);
+                        }
+                        mdi->extra_info.copyright = new_copyright;
                         memcpy(&mdi->extra_info.copyright[strlen(mdi->extra_info.copyright) + 1], event_data, tmp_length);
                         mdi->extra_info.copyright[strlen(mdi->extra_info.copyright) + 1 + tmp_length] = '\0';
                         mdi->extra_info.copyright[strlen(mdi->extra_info.copyright)] = '\n';

diff --git a/src/mus2mid.c b/src/mus2mid.c
@@ -132,7 +132,13 @@ struct mus_ctx {
 #define DST_CHUNK 8192
 static void resize_dst(struct mus_ctx *ctx) {
     uint32_t pos = ctx->dst_ptr - ctx->dst;
-    ctx->dst = (uint8_t *) realloc(ctx->dst, ctx->dstsize + DST_CHUNK);
+    uint8_t *new_dst = (uint8_t *) realloc(ctx->dst, ctx->dstsize + DST_CHUNK);
+    if (!new_dst){
+        free(ctx->dst);
+        _WM_GLOBAL_ERROR(WM_ERR_MEM, "Unable to reallocate memory.", 0);
+        return;
+    }
+    ctx->dst = new_dst;
     ctx->dstsize += DST_CHUNK;
     ctx->dstrem += DST_CHUNK;
     ctx->dst_ptr = ctx->dst + pos;

diff --git a/src/patches.c b/src/patches.c
@@ -28,6 +28,7 @@
 #include <stdlib.h>
 
 #include "wildmidi_lib.h"
+#include "wm_error.h"
 #include "internal_midi.h"
 #include "lock.h"
 #include "patches.h"
@@ -67,6 +68,7 @@ _WM_get_patch_data(struct _mdi *mdi, uint16_t patchid) {
 void _WM_load_patch(struct _mdi *mdi, uint16_t patchid) {
     uint32_t i;
     struct _patch *tmp_patch = NULL;
+    struct _patch **new_patches;
 
     for (i = 0; i < mdi->patch_count; i++) {
         if (mdi->patches[i]->patchid == patchid) {
@@ -93,8 +95,14 @@ void _WM_load_patch(struct _mdi *mdi, uint16_t patchid) {
     }
 
     mdi->patch_count++;
-    mdi->patches = (struct _patch **) realloc(mdi->patches,
-                           (sizeof(struct _patch*) * mdi->patch_count));
+    new_patches = (struct _patch **) realloc(mdi->patches, (sizeof(struct _patch*) * mdi->patch_count));
+    if (!new_patches) {
+        free(mdi->patches);
+        _WM_GLOBAL_ERROR(WM_ERR_MEM, "Unable to reallocate memory.", 0);
+        _WM_Unlock(&_WM_patch_lock);
+        return;
+    }
+    mdi->patches = new_patches;
     mdi->patches[mdi->patch_count - 1] = tmp_patch;
     tmp_patch->inuse_count++;
     _WM_Unlock(&_WM_patch_lock);

diff --git a/src/wildmidi_lib.c b/src/wildmidi_lib.c
@@ -306,6 +306,7 @@ static char** WM_LC_Tokenize_Line(char *line_data) {
     int line_ofs = 0;
     int token_start = 0;
     char **token_data = NULL;
+    char **new_data;
     int token_count = 0;
 
     if (!line_length) return (NULL);
@@ -328,11 +329,13 @@ static char** WM_LC_Tokenize_Line(char *line_data) {
                 token_start = 1;
                 if (token_count >= token_data_length) {
                     token_data_length += TOKEN_CNT_INC;
-                    token_data = (char **) realloc(token_data, token_data_length * sizeof(char *));
-                    if (token_data == NULL) {
+                    new_data = (char **) realloc(token_data, token_data_length * sizeof(char *));
+                    if (!new_data) {
+                        free(token_data);
                         _WM_GLOBAL_ERROR(WM_ERR_MEM, NULL, errno);
                         return (NULL);
                     }
+                    token_data = new_data;
                 }
 
                 token_data[token_count] = &line_data[line_ofs];
@@ -345,7 +348,13 @@ static char** WM_LC_Tokenize_Line(char *line_data) {
     /* if we have found some tokens then add a null token to the end */
     if (token_count) {
         if (token_count >= token_data_length) {
-            token_data = (char **) realloc(token_data, ((token_count + 1) * sizeof(char *)));
+            new_data = (char **) realloc(token_data, ((token_count + 1) * sizeof(char *)));
+            if (!new_data) {
+                free(token_data);
+                _WM_GLOBAL_ERROR(WM_ERR_MEM,"to parse config", errno);
+                return (NULL);
+            }
+            token_data = new_data;
         }
         token_data[token_count] = NULL;
     }
@@ -838,12 +847,19 @@ static int WM_GetOutput_Linear(midi * handle, int8_t *buffer, uint32_t size) {
     memset(buffer, 0, size);
 
     if ( (size / 2) > mdi->mix_buffer_size) {
+        int32_t *new_mix_buffer;
         if ( (size / 2) <= ( mdi->mix_buffer_size * 2 )) {
             mdi->mix_buffer_size += MEM_CHUNK;
         } else {
             mdi->mix_buffer_size = size / 2;
         }
-        mdi->mix_buffer = (int32_t *) realloc(mdi->mix_buffer, mdi->mix_buffer_size * sizeof(int32_t));
+        new_mix_buffer = (int32_t *) realloc(mdi->mix_buffer, mdi->mix_buffer_size * sizeof(int32_t));
+        if (!new_mix_buffer){
+            free(mdi->mix_buffer);
+            _WM_GLOBAL_ERROR(WM_ERR_MEM, "Unable to reallocate memory.", 0);
+            return(-1);
+        }
+        mdi->mix_buffer = new_mix_buffer;
     }
 
     tmp_buffer = mdi->mix_buffer;
@@ -1155,12 +1171,19 @@ static int WM_GetOutput_Gauss(midi * handle, int8_t *buffer, uint32_t size) {
     memset(buffer, 0, size);
 
     if ( (size / 2) > mdi->mix_buffer_size) {
+        int32_t *new_mix_buffer;
         if ( (size / 2) <= ( mdi->mix_buffer_size * 2 )) {
             mdi->mix_buffer_size += MEM_CHUNK;
         } else {
             mdi->mix_buffer_size = size / 2;
         }
-        mdi->mix_buffer = (int32_t *) realloc(mdi->mix_buffer, mdi->mix_buffer_size * sizeof(int32_t));
+        new_mix_buffer = (int32_t *) realloc(mdi->mix_buffer, mdi->mix_buffer_size * sizeof(int32_t));
+        if (!new_mix_buffer){
+            free(mdi->mix_buffer);
+            _WM_GLOBAL_ERROR(WM_ERR_MEM, "Unable to reallocate memory.", 0);
+            return(-1);
+        }
+        mdi->mix_buffer = new_mix_buffer;
     }
 
     tmp_buffer = mdi->mix_buffer;
@@ -2086,7 +2109,7 @@ WildMidi_GetInfo(midi * handle) {
         mdi->tmp_info->copyright = NULL;
     }
     _WM_Unlock(&mdi->lock);
-    return ((struct _WM_Info *)mdi->tmp_info);
+    return (mdi->tmp_info);
 }
 
 WM_SYMBOL int WildMidi_Shutdown(void) {

diff --git a/src/xmi2mid.c b/src/xmi2mid.c
@@ -122,7 +122,13 @@ static void copy(struct xmi_ctx *ctx, char *b, uint32_t len)
 #define DST_CHUNK 8192
 static void resize_dst(struct xmi_ctx *ctx) {
     uint32_t pos = ctx->dst_ptr - ctx->dst;
-    ctx->dst = (uint8_t *) realloc(ctx->dst, ctx->dstsize + DST_CHUNK);
+    uint8_t *new_dst = (uint8_t *) realloc(ctx->dst, ctx->dstsize + DST_CHUNK);
+    if (!new_dst){
+        free(ctx->dst);
+        _WM_GLOBAL_ERROR(WM_ERR_MEM, "Unable to reallocate memory.", 0);
+        return;
+    }
+    ctx->dst = new_dst;
     ctx->dstsize += DST_CHUNK;
     ctx->dstrem += DST_CHUNK;
     ctx->dst_ptr = ctx->dst + pos;