These were the problems that still existed in the 2.0 branch.
Jeremy.
if (!inbuf) inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
if (!outbuf) outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+ if(!inbuf || !outbuf) {
+ DEBUG(0,("cli_call_api: malloc fail.\n"));
+ return False;
+ }
+
if (pipe_name_len == 0) pipe_name_len = strlen(pipe_name);
cli_send_trans_request(outbuf,SMBtrans,pipe_name, pipe_name_len, 0,0,
*data = Realloc(*data,total_data);
*param = Realloc(*param,total_param);
+ if((total_data && !data) || (total_param && !param)) {
+ DEBUG(0,("cli_receive_trans_response: Realloc fail !\n"));
+ return(False);
+ }
+
while (1)
{
this_data = SVAL(inbuf,smb_drcnt);
bzero(&opt, sizeof(opt));
if (was_null)
- {
- inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
- outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+ {
+ inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+ outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+
+ if(!inbuf || !outbuf) {
+ DEBUG(0,("cli_send_login: malloc fail !\n"));
+ return False;
}
+ }
if (strstr(service,"IPC$")) connect_as_ipc = True;
multibyte_strtok = (char *(*)(char *, char *)) generic_multibyte_strtok;
_skip_multibyte_char = skip_generic_multibyte_char;
is_multibyte_char_1 = hangul_is_multibyte_char_1;
+ break;
case BIG5_CODEPAGE:
multibyte_strchr = (char *(*)(char *, int )) generic_multibyte_strchr;
multibyte_strrchr = (char *(*)(char *, int )) generic_multibyte_strrchr;
multibyte_strtok = (char *(*)(char *, char *)) generic_multibyte_strtok;
_skip_multibyte_char = skip_generic_multibyte_char;
is_multibyte_char_1 = big5_is_multibyte_char_1;
+ break;
case SIMPLIFIED_CHINESE_CODEPAGE:
multibyte_strchr = (char *(*)(char *, int )) generic_multibyte_strchr;
multibyte_strrchr = (char *(*)(char *, int )) generic_multibyte_strrchr;
if (l == 0)
{
- if (!null_string)
- null_string = (char *)malloc(1);
-
- *null_string = 0;
+ if (!null_string) {
+ if((null_string = (char *)malloc(1)) == NULL) {
+ DEBUG(0,("string_init: malloc fail for null_string.\n"));
+ return False;
+ }
+ *null_string = 0;
+ }
*dest = null_string;
}
else
return;
}
- p=(char *)malloc(8192*sizeof(char));
+ if((p=(char *)malloc(8192*sizeof(char))) == NULL) {
+ DEBUG(0,("fill_printq_info: malloc fail !\n"));
+ desc->errcode=NERR_notsupported;
+ fclose(f);
+ return;
+ }
+
bzero(p, 8192*sizeof(char));
q=p;
return(0);
}
- p=(char *)malloc(8192*sizeof(char));
+ if((p=(char *)malloc(8192*sizeof(char))) == NULL) {
+ DEBUG(3,("get_printerdrivernumber: malloc fail !\n"));
+ fclose(f);
+ return 0;
+ }
+
q=p; /* need it to free memory because p change ! */
/* lookup the long printer driver name in the file description */
if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
queuecnt++;
if (uLevel > 0) {
- queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*));
+ if((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) {
+ DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
+ return False;
+ }
memset(queue,0,queuecnt*sizeof(print_queue_struct*));
- status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct));
+ if((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) {
+ DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
+ return False;
+ }
memset(status,0,queuecnt*sizeof(print_status_struct));
- subcntarr = (int*)malloc(queuecnt*sizeof(int));
+ if((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) {
+ DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
+ return False;
+ }
subcnt = 0;
n = 0;
for (i = 0; i < services; i++)
for (i=0;api_commands[i].name;i++)
if (api_commands[i].id == api_command && api_commands[i].fn)
{
- DEBUG(3,("Doing %s\n",api_commands[i].name));
- break;
+ DEBUG(3,("Doing %s\n",api_commands[i].name));
+ break;
}
rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024);
rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024);
+ if(!rdata || !rparam) {
+ DEBUG(0,("api_reply: malloc fail !\n"));
+ return -1;
+ }
+
reply = api_commands[i].fn(conn,vuid,params,data,mdrcnt,mprcnt,
&rdata,&rparam,&rdata_len,&rparam_len);
}
if (tdscnt) {
- data = (char *)malloc(tdscnt);
+ if((data = (char *)malloc(tdscnt)) == NULL) {
+ DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt));
+ return(ERROR(ERRDOS,ERRnomem));
+ }
memcpy(data,smb_base(inbuf)+dsoff,dscnt);
}
if (tpscnt) {
- params = (char *)malloc(tpscnt);
+ if((params = (char *)malloc(tpscnt)) == NULL) {
+ DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt));
+ return(ERROR(ERRDOS,ERRnomem));
+ }
memcpy(params,smb_base(inbuf)+psoff,pscnt);
}
if (suwcnt) {
int i;
- setup = (uint16 *)malloc(suwcnt*sizeof(setup[0]));
+ if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
+ DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", suwcnt * sizeof(uint16)));
+ return(ERROR(ERRDOS,ERRnomem));
+ }
for (i=0;i<suwcnt;i++)
setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD);
}
if ((total_params && !params) || (total_data && !data)) {
DEBUG(2,("Out of memory in reply_trans2\n"));
+ if(params)
+ free(params);
+ if(data)
+ free(data);
return(ERROR(ERRDOS,ERRnomem));
}
*entry=(char *)malloc(sizeof(pstring));
value=(char *)malloc(sizeof(pstring));
+
+ if(*entry == NULL || value == NULL) {
+ fprintf(stderr,"scan: malloc fail !\n");
+ exit(1);
+ }
+
pstrcpy(*entry,chaine);
temp=chaine;
while( temp[i]!='=' && temp[i]!='\0') {
temp=(char *)malloc(sizeof(pstring));
temp2=(char *)malloc(sizeof(pstring));
+ if(temp == NULL || temp2 == NULL) {
+ fprintf(stderr,"lookup_strings: malloc fail !\n");
+ exit(1);
+ }
+
*sbuffer[0]='\0';
pstrcpy(temp2,"[Strings]");
temp=(char *)malloc(sizeof(pstring));
temp2=(char *)malloc(sizeof(pstring));
+ if(temp == NULL || temp2 == NULL) {
+ fprintf(stderr,"lookup_entry: malloc fail !\n");
+ exit(1);
+ }
+
*buffer[0]='\0';
pstrcpy(temp2,"[");
long_desc=(char *)malloc(sizeof(pstring));
short_desc=(char *)malloc(sizeof(pstring));
if (!chaine || !long_desc || !short_desc) {
- fprintf(stderr,"Unable to malloc memory\n");
+ fprintf(stderr,"find_desc: Unable to malloc memory\n");
exit(1);
}
helpfile=0;
languagemonitor=0;
datatype="RAW";
- temp=(char *)malloc(sizeof(pstring));
+ if((temp=(char *)malloc(sizeof(pstring))) == NULL) {
+ fprintf(stderr, "scan_short_desc: malloc fail !\n");
+ exit(1);
+ }
driverfile=short_desc;
datafile=short_desc;
lookup_entry(inf_file,"DestinationDirs");
build_subdir();
- files_to_copy=(char *)malloc(2048*sizeof(char));
+ if((files_to_copy=(char *)malloc(2048*sizeof(char))) == NULL) {
+ fprintf(stderr, "%s: malloc fail.\n", argv[0] );
+ exit(1);
+ }
*files_to_copy='\0';
scan_short_desc(inf_file,short_desc);
fprintf(stdout,"%s:%s:%s:",