171 lines
4.7 KiB
Diff
171 lines
4.7 KiB
Diff
From a47f87c0a79015dc8c712b9713f2d2fd052405d1 Mon Sep 17 00:00:00 2001
|
|
From: Reini Urban <rurban@cpan.org>
|
|
Date: Tue, 26 May 2020 15:48:19 +0200
|
|
Subject: [PATCH] Fix various obj NULL derefs
|
|
|
|
Reported by Petr Pisar [cpan #132711]
|
|
---
|
|
Bzip2.xs | 44 +++++++++++++++++++++++++++-----------------
|
|
1 file changed, 27 insertions(+), 17 deletions(-)
|
|
|
|
diff --git a/Bzip2.xs b/Bzip2.xs
|
|
index e18fced..0d8d0e9 100644
|
|
--- a/Bzip2.xs
|
|
+++ b/Bzip2.xs
|
|
@@ -179,7 +179,7 @@ char* error_info;
|
|
|
|
errstr = error_num * -1 < 0 || error_num * -1 > 9 ? "Unknown" : (char *) bzerrorstrings[ error_num * -1 ];
|
|
|
|
- if ( obj!=NULL ) {
|
|
+ if ( obj != NULL ) {
|
|
obj->bzip_errno = error_num;
|
|
obj->io_error = error_num == BZ_IO_ERROR ? errno : 0;
|
|
}
|
|
@@ -216,7 +216,7 @@ Bool bzfile_error( bzFile *obj ) {
|
|
#else
|
|
Bool bzfile_error( obj ) bzFile *obj; {
|
|
#endif
|
|
- return obj!=NULL ? ( obj->bzip_errno ? True : False ) : global_bzip_errno ? True : False;
|
|
+ return obj != NULL ? ( obj->bzip_errno ? True : False ) : global_bzip_errno ? True : False;
|
|
}
|
|
|
|
#ifdef CAN_PROTOTYPE
|
|
@@ -224,7 +224,7 @@ int bzfile_geterrno( bzFile *obj ) {
|
|
#else
|
|
int bzfile_geterrno( obj ) bzFile *obj; {
|
|
#endif
|
|
- return obj==NULL ? global_bzip_errno : obj->bzip_errno;
|
|
+ return obj == NULL ? global_bzip_errno : obj->bzip_errno;
|
|
}
|
|
|
|
#ifdef CAN_PROTOTYPE
|
|
@@ -232,7 +232,7 @@ const char *bzfile_geterrstr( bzFile *obj ) {
|
|
#else
|
|
const char *bzfile_geterrstr( obj ) bzFile *obj; {
|
|
#endif
|
|
- int error_num = obj==NULL ? global_bzip_errno : obj->bzip_errno;
|
|
+ int error_num = obj == NULL ? global_bzip_errno : obj->bzip_errno;
|
|
char *errstr = error_num * -1 < 0 || error_num * -1 > 9 ? "Unknown" : (char *) bzerrorstrings[ error_num * -1 ];
|
|
return errstr;
|
|
}
|
|
@@ -242,7 +242,7 @@ Bool bzfile_eof( bzFile *obj ) {
|
|
#else
|
|
Bool bzfile_eof( obj ) bzFile *obj; {
|
|
#endif
|
|
- return obj==NULL ? False :
|
|
+ return obj == NULL ? False :
|
|
obj->bzip_errno == BZ_UNEXPECTED_EOF ? True :
|
|
obj->bzip_errno == BZ_OK && obj->pending_io_error && obj->io_error == BZ_IO_EOF ? True :
|
|
obj->bzip_errno != BZ_IO_ERROR ? False :
|
|
@@ -254,7 +254,7 @@ long bzfile_total_in( bzFile *obj ) {
|
|
#else
|
|
long bzfile_total_in( obj ) bzFile *obj; {
|
|
#endif
|
|
- return obj->total_in;
|
|
+ return obj == NULL ? 0 : obj->total_in;
|
|
}
|
|
|
|
#ifdef CAN_PROTOTYPE
|
|
@@ -262,7 +262,7 @@ long bzfile_total_out( bzFile *obj ) {
|
|
#else
|
|
long bzfile_total_out( obj ) bzFile *obj; {
|
|
#endif
|
|
- return obj->total_out;
|
|
+ return obj == NULL ? 0 : obj->total_out;
|
|
}
|
|
|
|
#ifdef CAN_PROTOTYPE
|
|
@@ -270,8 +270,10 @@ long bzfile_clear_totals( bzFile *obj ) {
|
|
#else
|
|
long bzfile_clear_totals( obj ) bzFile *obj; {
|
|
#endif
|
|
- obj->total_in = 0;
|
|
- obj->total_out = 0;
|
|
+ if (obj) {
|
|
+ obj->total_in = 0;
|
|
+ obj->total_out = 0;
|
|
+ }
|
|
return 0;
|
|
}
|
|
|
|
@@ -284,7 +286,8 @@ int bzfile_clearerr( obj ) bzFile *obj; {
|
|
int clear_flag = 1;
|
|
|
|
if ( error_num == BZ_IO_ERROR ) {
|
|
- PerlIO_clearerr( obj->handle );
|
|
+ if (obj)
|
|
+ PerlIO_clearerr( obj->handle );
|
|
}
|
|
else if ( error_num == BZ_SEQUENCE_ERROR ) {
|
|
/* program error */
|
|
@@ -310,7 +313,7 @@ int bzfile_clearerr( obj ) bzFile *obj; {
|
|
clear_flag = 0; /* we don't like the version of bzlib */
|
|
}
|
|
else if ( error_num == BZ_OK ) {
|
|
- if ( obj->pending_io_error ) {
|
|
+ if ( obj && obj->pending_io_error ) {
|
|
if ( obj->io_error == BZ_IO_EOF ) {
|
|
PerlIO_clearerr( obj->handle );
|
|
clear_flag = 0;
|
|
@@ -335,7 +338,7 @@ int bzfile_clearerr( obj ) bzFile *obj; {
|
|
}
|
|
|
|
if ( clear_flag ) {
|
|
- if ( obj != NULL ) {
|
|
+ if ( obj ) {
|
|
obj->bzip_errno = 0;
|
|
obj->io_error = 0;
|
|
obj->pending_io_error = False;
|
|
@@ -368,6 +371,11 @@ bzFile* bzfile_new( verbosity, small, blockSize100k, workFactor )
|
|
}
|
|
|
|
Newz(idthing, obj, 1, bzFile);
|
|
+ if (!obj) {
|
|
+ BZ_SETERR(NULL, BZ_IO_ERROR, NULL);
|
|
+ die( "Out of memory");
|
|
+ return NULL;
|
|
+ }
|
|
|
|
BZ_SETERR(obj, BZ_OK, NULL);
|
|
|
|
@@ -411,7 +419,7 @@ void bzfile_free( bzFile* obj ) {
|
|
#else
|
|
void bzfile_free( obj ) bzFile* obj; {
|
|
#endif
|
|
- if ( obj!=NULL ) Safefree((void*) obj);
|
|
+ if ( obj != NULL ) Safefree((void*) obj);
|
|
}
|
|
|
|
/* query and/or set param setting of bzFile */
|
|
@@ -1668,8 +1676,8 @@ MY_new(...)
|
|
{
|
|
int i;
|
|
|
|
- perlobj=NULL;
|
|
- obj=NULL;
|
|
+ perlobj = NULL;
|
|
+ obj = NULL;
|
|
if ( items == 0 ) {
|
|
class = "Compress::Bzip2";
|
|
}
|
|
@@ -1711,7 +1719,9 @@ DESTROY(obj)
|
|
|
|
CODE:
|
|
{
|
|
- if (obj->verbosity>=1)
|
|
+ if (!obj)
|
|
+ XSRETURN_UNDEF;
|
|
+ if (obj->verbosity >= 1)
|
|
PerlIO_printf(PerlIO_stderr(), "debug: DESTROY on %p\n", obj);
|
|
bzfile_close( obj, 0 );
|
|
bzfile_free( obj );
|
|
@@ -2135,7 +2145,7 @@ MY_bzclearerr(obj)
|
|
|
|
CODE:
|
|
{
|
|
- if ( bzfile_clearerr( obj ) )
|
|
+ if ( obj && bzfile_clearerr( obj ) )
|
|
RETVAL = 1;
|
|
else
|
|
RETVAL = 0;
|