Re: Patch: fix double free (spotted by Coverity)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The following patch fixes memory and file descriptor leaks (Coverity
reports #777 and #1826) in error cases for FcDirScanConfig.

Please review this patch carefully, as I used goto for bail conditions
and tried to call free functions only one time in the FcDirScanConfig
code (to ease code review in the future).
-- 
Frederic Crozat <fcrozat@xxxxxxxxxxxx>
Mandriva

Index: ChangeLog
===================================================================
RCS file: /cvs/fontconfig/fontconfig/ChangeLog,v
retrieving revision 1.109.2.185
diff -u -p -r1.109.2.185 ChangeLog
--- ChangeLog	7 Apr 2006 18:07:51 -0000	1.109.2.185
+++ ChangeLog	10 Apr 2006 15:29:00 -0000
@@ -1,3 +1,8 @@
+2006-04-10  Frederic Crozat  <fcrozat@xxxxxxxxxxxx>
+
+	* src/fcdir.c: (FcDirScanConfig):
+	Don't leak in error cases (Coverity defects #777, #1826)
+
 2006-04-07  Dominic Lachowicz  <cinamod@xxxxxxxxxxx>
 	reviewed by: plam
 	* fc-cache/Makefile.am:
Index: src/fcdir.c
===================================================================
RCS file: /cvs/fontconfig/fontconfig/src/fcdir.c,v
retrieving revision 1.20.4.18
diff -u -p -r1.20.4.18 fcdir.c
--- src/fcdir.c	7 Apr 2006 04:19:49 -0000	1.20.4.18
+++ src/fcdir.c	10 Apr 2006 15:29:00 -0000
@@ -180,17 +180,18 @@
     }
 
     tmpSet = FcFontSetCreate();
-    if (!tmpSet)
-    {	
-	free (file);
-	return FcFalse;
+    if (!tmpSet) {
+	ret = FcFalse;
+	goto bail0;
     }
 
     dirlistlen = 0;
     dirlistalloc = 8;
     dirlist = malloc(dirlistalloc * sizeof(FcChar8 *));
-    if (!dirlist)
-       return FcFalse;
+    if (!dirlist) {
+       ret = FcFalse;
+       goto bail1;
+    }
     while ((e = readdir (d)))
     {
 	if (e->d_name[0] != '.' && strlen (e->d_name) < FC_MAX_FILE_LEN)
@@ -199,12 +200,16 @@
 	    {
 		dirlistalloc *= 2;
 		dirlist = realloc(dirlist, dirlistalloc * sizeof(FcChar8 *));
-		if (!dirlist)
-		    return FcFalse;
+		if (!dirlist) {
+		    ret = FcFalse;
+		    goto bail2;
+		}
 	    }
 	    dirlist[dirlistlen] = malloc(strlen (e->d_name) + 1);
-	    if (!dirlist[dirlistlen])
-		return FcFalse;
+	    if (!dirlist[dirlistlen]) {
+		ret = FcFalse;
+		goto bail3;
+	    }
 	    strcpy((char *)dirlist[dirlistlen], e->d_name);
 	    dirlistlen++;
 	}
@@ -217,11 +222,6 @@
 	ret = FcFileScanConfig (tmpSet, dirs, cache, blanks, file, force, config);
 	i++;
     }
-    for (i = 0; i < dirlistlen; i++)
-	free(dirlist[i]);
-    free (dirlist);
-    free (file);
-    closedir (d);
     /*
      * Now that the directory has been scanned,
      * add the cache entry 
@@ -238,8 +238,21 @@
 	free (tmpSet->fonts);
     }
     FcMemFree (FC_MEM_FONTSET, sizeof (FcFontSet));
+
+ bail3:
+    for (i = 0; i < dirlistlen; i++)
+	free(dirlist[i]);
+
+ bail2:
+    free (dirlist);
+
+ bail1:
     free (tmpSet);
-	
+    
+ bail0:
+    closedir (d);
+    
+    free (file);
     return ret;
 }
 

_______________________________________________
Fontconfig mailing list
Fontconfig@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/fontconfig
[Index of Archives]     [Fedora Fonts]     [Fedora Users]     [Fedora Cloud]     [Kernel]     [Fedora Packaging]     [Fedora Desktop]     [PAM]     [Gimp Graphics Editor]     [Yosemite News]

  Powered by Linux