[OpenWrt-Devel] [PATCH] [package] libubox: fix segment fault for out-of-memory

Tue, 08 Jul 2014 06:44:58 -0700 

HI, all

this is a patch try to fix libubox's segment fault for out-of-memory

Best regards

Signed-off-by:Chen Bin <ewol...@126.com>
---
diff --git a/blob.c b/blob.c
index 10c1f49..ec8617b 100644
--- a/blob.c
+++ b/blob.c
@@ -21,12 +21,15 @@
 static bool
 blob_buffer_grow(struct blob_buf *buf, int minlen)
 {
+       struct blob_buf *new;
        int delta = ((minlen / 256) + 1) * 256;
-       buf->buflen += delta;
-       buf->buf = realloc(buf->buf, buf->buflen);
-       if (buf->buf)
-               memset(buf->buf + buf->buflen - delta, 0, delta);
-       return !!buf->buf;
+       new = realloc(buf->buf, buf->buflen + delta);
+       if (new) {
+               buf->buf = new;
+               memset(buf->buf + buf->buflen, 0, delta);
+               buf->buflen += delta;
+       }
+       return !!new;
 }
 
 static void
@@ -50,15 +53,16 @@ attr_to_offset(struct blob_buf *buf, struct blob_attr *attr)
        return (char *)attr - (char *) buf->buf + BLOB_COOKIE;
 }
 
-void
+bool
 blob_buf_grow(struct blob_buf *buf, int required)
 {
        int offset_head = attr_to_offset(buf, buf->head);
 
        if (!buf->grow || !buf->grow(buf, required))
-               return;
+               return false;
 
        buf->head = offset_to_attr(buf, offset_head);
+       return true;
 }
 
 static struct blob_attr *
@@ -69,7 +73,8 @@ blob_add(struct blob_buf *buf, struct blob_attr *pos, int id, 
int payload)
        struct blob_attr *attr;
 
        if (required > 0) {
-               blob_buf_grow(buf, required);
+               if (!blob_buf_grow(buf, required))
+                       return NULL;
                attr = offset_to_attr(buf, offset);
        } else {
                attr = pos;
@@ -142,6 +147,8 @@ blob_put_raw(struct blob_buf *buf, const void *ptr, 
unsigned int len)
                return NULL;
 
        attr = blob_add(buf, blob_next(buf->head), 0, len - sizeof(struct 
blob_attr));
+       if (!attr)
+               return NULL;
        blob_set_raw_len(buf->head, blob_pad_len(buf->head) + len);
        memcpy(attr, ptr, len);
        return attr;
@@ -166,6 +173,8 @@ blob_nest_start(struct blob_buf *buf, int id)
 {
        unsigned long offset = attr_to_offset(buf, buf->head);
        buf->head = blob_new(buf, id, 0);
+       if (!buf->head)
+               return NULL;
        return (void *) offset;
 }
 
diff --git a/blobmsg.c b/blobmsg.c
index f317152..ce9e4dd 100644
--- a/blobmsg.c
+++ b/blobmsg.c
@@ -212,6 +212,8 @@ blobmsg_open_nested(struct blob_buf *buf, const char *name, 
bool array)
                name = "";
 
        head = blobmsg_new(buf, type, name, 0, &data);
+       if (!head)
+               return NULL;
        blob_set_raw_len(buf->head, blob_pad_len(buf->head) - 
blobmsg_hdrlen(strlen(name)));
        buf->head = head;
        return (void *)offset;
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Reply via email to