From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 89123 invoked by alias); 6 Apr 2015 20:48:30 -0000 Mailing-List: contact libffi-discuss-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libffi-discuss-owner@sourceware.org Received: (qmail 89111 invoked by uid 89); 6 Apr 2015 20:48:29 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=2.9 required=5.0 tests=AWL,BAYES_50,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 X-HELO: mail-ob0-f174.google.com Received: from mail-ob0-f174.google.com (HELO mail-ob0-f174.google.com) (209.85.214.174) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES128-GCM-SHA256 encrypted) ESMTPS; Mon, 06 Apr 2015 20:48:28 +0000 Received: by obbfy7 with SMTP id fy7so59259290obb.2 for ; Mon, 06 Apr 2015 13:48:27 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.182.74.166 with SMTP id u6mr20769759obv.68.1428353306967; Mon, 06 Apr 2015 13:48:26 -0700 (PDT) Received: by 10.76.81.98 with HTTP; Mon, 6 Apr 2015 13:48:26 -0700 (PDT) Date: Mon, 06 Apr 2015 20:48:00 -0000 Message-ID: Subject: Missing sanity checks for various C library function calls... From: Bill Parker To: libffi-discuss@sourceware.org Content-Type: multipart/mixed; boundary=001a11c1f2327a66530513146be2 X-SW-Source: 2015/txt/msg00046.txt.bz2 --001a11c1f2327a66530513146be2 Content-Type: text/plain; charset=UTF-8 Content-length: 1392 Hello All, In reviewing code for Python-3.4.3 in directory 'Modules/_ctypes/libffi/src/arm', file 'ffi.c', I found a pair of calls to calloc() which do not test for a return value of NULL, indicating failure. The patch file below corrects this issue: --- ffi.c.orig 2015-04-04 15:43:19.662709073 -0700 +++ ffi.c 2015-04-04 15:51:27.142665269 -0700 @@ -629,12 +629,21 @@ /* We have valid trampoline and config pages */ table = calloc (1, sizeof(ffi_trampoline_table)); + if (table == NULL) { /* oops, calloc() failed, now what??? */ + fprintf(stderr, "vm calloc() failure: %d at %s:%d\n", kt, __FILE__, __LINE__); + return NULL; /* go home??? */ + } table->free_count = FFI_TRAMPOLINE_COUNT; table->config_page = config_page; table->trampoline_page = trampoline_page; /* Create and initialize the free list */ table->free_list_pool = calloc(FFI_TRAMPOLINE_COUNT, sizeof(ffi_trampoline_table_entry)); + if (table->free_list_pool == NULL) { /* oops, calloc() failed, now what */ + fprintf(stderr, "vm calloc() failure: %d at %s:%d\n", kt, __FILE__, __LINE__); + free(table); /* free table (from previos calloc() call) */ + return NULL; /* go home??? * + } uint16_t i; for (i = 0; i < table->free_count; i++) { I am attaching the patch file to this email Bill Parker (wp02855 at gmail dot com) --001a11c1f2327a66530513146be2 Content-Type: application/octet-stream; name="ffi.c.patch" Content-Disposition: attachment; filename="ffi.c.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_i86coeq90 Content-length: 1420 LS0tIGZmaS5jLm9yaWcJMjAxNS0wNC0wNCAxNTo0MzoxOS42NjI3MDkwNzMg LTA3MDAKKysrIGZmaS5jCTIwMTUtMDQtMDQgMTU6NTE6MjcuMTQyNjY1MjY5 IC0wNzAwCkBAIC02MjksMTIgKzYyOSwyMSBAQAogCiAgICAgLyogV2UgaGF2 ZSB2YWxpZCB0cmFtcG9saW5lIGFuZCBjb25maWcgcGFnZXMgKi8KICAgICB0 YWJsZSA9IGNhbGxvYyAoMSwgc2l6ZW9mKGZmaV90cmFtcG9saW5lX3RhYmxl KSk7CisgICAgaWYgKHRhYmxlID09IE5VTEwpIHsgLyogb29wcywgY2FsbG9j KCkgZmFpbGVkLCBub3cgd2hhdD8/PyAqLworICAgICAgZnByaW50ZihzdGRl cnIsICJ2bSBjYWxsb2MoKSBmYWlsdXJlOiAlZCBhdCAlczolZFxuIiwga3Qs IF9fRklMRV9fLCBfX0xJTkVfXyk7CisgICAgICByZXR1cm4gTlVMTDsgLyog Z28gaG9tZT8/PyAqLworICAgIH0KICAgICB0YWJsZS0+ZnJlZV9jb3VudCA9 IEZGSV9UUkFNUE9MSU5FX0NPVU5UOwogICAgIHRhYmxlLT5jb25maWdfcGFn ZSA9IGNvbmZpZ19wYWdlOwogICAgIHRhYmxlLT50cmFtcG9saW5lX3BhZ2Ug PSB0cmFtcG9saW5lX3BhZ2U7CiAKICAgICAvKiBDcmVhdGUgYW5kIGluaXRp YWxpemUgdGhlIGZyZWUgbGlzdCAqLwogICAgIHRhYmxlLT5mcmVlX2xpc3Rf cG9vbCA9IGNhbGxvYyhGRklfVFJBTVBPTElORV9DT1VOVCwgc2l6ZW9mKGZm aV90cmFtcG9saW5lX3RhYmxlX2VudHJ5KSk7CisgICAgaWYgKHRhYmxlLT5m cmVlX2xpc3RfcG9vbCA9PSBOVUxMKSB7IC8qIG9vcHMsIGNhbGxvYygpIGZh aWxlZCwgbm93IHdoYXQgKi8KKyAgICAgIGZwcmludGYoc3RkZXJyLCAidm0g Y2FsbG9jKCkgZmFpbHVyZTogJWQgYXQgJXM6JWRcbiIsIGt0LCBfX0ZJTEVf XywgX19MSU5FX18pOworICAgICAgZnJlZSh0YWJsZSk7ICAvKiBmcmVlIHRh YmxlIChmcm9tIHByZXZpb3MgY2FsbG9jKCkgY2FsbCkgKi8KKyAgICAgIHJl dHVybiBOVUxMOyAgLyogZ28gaG9tZT8/PyAqCisgICAgfQogCiAgICAgdWlu dDE2X3QgaTsKICAgICBmb3IgKGkgPSAwOyBpIDwgdGFibGUtPmZyZWVfY291 bnQ7IGkrKykgewo= --001a11c1f2327a66530513146be2--