From 5fe1820ed2ef9c14e6cce2cbbadc817f3fb037e9 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Tue, 24 Dec 2024 20:08:31 +0000
Subject: [PATCH] Fix memory leak reported by QiAnXinCodeSafe
---
 xrdp/xrdp_egfx.c | 57 ++++++++++++++++++++++++------------------------
 1 file changed, 29 insertions(+), 28 deletions(-)
diff --git a/xrdp/xrdp_egfx.c b/xrdp/xrdp_egfx.c
index 7c5b76de5..095e9e5a2 100644
--- a/xrdp/xrdp_egfx.c
+++ b/xrdp/xrdp_egfx.c
@@ -800,6 +800,7 @@ xrdp_egfx_process_capsadvertise(struct xrdp_egfx *egfx, struct stream *s)
 char *holdp;
 int *versions;
 int *flagss;
+ int rv = 0;
 LOG(LOG_LEVEL_TRACE, "xrdp_egfx_process_capsadvertise:");
 if (egfx->caps_advertise == NULL)
@@ -813,46 +814,46 @@ xrdp_egfx_process_capsadvertise(struct xrdp_egfx *egfx, struct stream *s)
 }
 caps_count = 0;
 versions = g_new(int, capsSetCount);
- if (versions == NULL)
- {
- return 1;
- }
 flagss = g_new(int, capsSetCount);
- if (flagss == NULL)
+ if (versions == NULL || flagss == NULL)
 {
- g_free(versions);
- return 1;
+ rv = 1;
 }
- for (index = 0; index < capsSetCount; index++)
+ else
 {
- if (!s_check_rem(s, 8))
+ for (index = 0; index < capsSetCount; index++)
 {
- return 1;
- }
- in_uint32_le(s, version);
- in_uint32_le(s, capsDataLength);
- if (!s_check_rem(s, capsDataLength))
- {
- return 1;
- }
- holdp = s->p;
- // This implicity excludes caps version 101.
- if (capsDataLength == 4)
- {
- in_uint32_le(s, flags);
- versions[caps_count] = version;
- flagss[caps_count] = flags;
- caps_count++;
+ if (!s_check_rem(s, 8))
+ {
+ rv = 1;
+ break;
+ }
+ in_uint32_le(s, version);
+ in_uint32_le(s, capsDataLength);
+ if (!s_check_rem(s, capsDataLength))
+ {
+ rv = 1;
+ break;
+ }
+ holdp = s->p;
+ // This implicity excludes caps version 101.
+ if (capsDataLength == 4)
+ {
+ in_uint32_le(s, flags);
+ versions[caps_count] = version;
+ flagss[caps_count] = flags;
+ caps_count++;
+ }
+ s->p = holdp + capsDataLength;
 }
- s->p = holdp + capsDataLength;
 }
- if (caps_count > 0)
+ if (rv == 0 && caps_count > 0)
 {
 egfx->caps_advertise(egfx->user, caps_count, versions, flagss);
 }
 g_free(versions);
 g_free(flagss);
- return 0;
+ return rv;
 }
 /******************************************************************************/
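Review bot: `capsDataLength` is filled from the wire by `in_uint32_le` and then used both in `s_check_rem(s, capsDataLength)` and to advance the read pointer with `s->p = holdp + capsDataLength;`, yet nothing in the loop rejects a value that turns negative if the variable is a signed `int` (its declaration is above this hunk, so this needs confirming). If it is signed, the remaining-bytes check may not catch a length with the top bit set and the stream pointer would then move backwards; declaring it `unsigned int`, or guarding with `if (capsDataLength < 0 || !s_check_rem(s, capsDataLength))`, closes that off. Separately, both new `rv = 1; break;` paths drop a malformed PDU silently; a `LOG(LOG_LEVEL_ERROR, ...)` line before each `break` would make truncated capability sets visible in the log. The function starts outside this hunk, so the bound on `capsSetCount` that sizes the two `g_new` allocations could not be checked here.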