Hi Roman,
On Wed, Jul 3, 2024 at 8:39 AM Roman Smirnov <r.smirnov@xxxxxx> wrote:
>
> It is necessary to check that malloc() was able to allocate memory.
>
> Found with the SVACE static analysis tool.
> ---
> src/shared/vcp.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/src/shared/vcp.c b/src/shared/vcp.c
> index b7e17e448..2ffdb22a0 100644
> --- a/src/shared/vcp.c
> +++ b/src/shared/vcp.c
> @@ -2128,14 +2128,15 @@ static void read_vocs_audio_descriptor(struct bt_vcp *vcp, bool success,
> }
>
> vocs_ao_dec_r = malloc(length+1);
> - memset(vocs_ao_dec_r, 0, length+1);
> - memcpy(vocs_ao_dec_r, value, length);
>
> if (!vocs_ao_dec_r) {
> DBG(vcp, "Unable to get VOCS Audio Descriptor");
> return;
> }
>
> + memset(vocs_ao_dec_r, 0, length+1);
> + memcpy(vocs_ao_dec_r, value, length);
> +
> DBG(vcp, "VOCS Audio Descriptor: %s", vocs_ao_dec_r);
> free(vocs_ao_dec_r);
> vocs_ao_dec_r = NULL;
> @@ -2532,14 +2533,15 @@ static void read_aics_audio_ip_description(struct bt_vcp *vcp, bool success,
> }
>
> ip_descrptn = malloc(length+1);
> - memset(ip_descrptn, 0, length+1);
> - memcpy(ip_descrptn, value, length);
>
> if (!ip_descrptn) {
> DBG(vcp, "Unable to get Audio Input Description");
> return;
> }
>
> + memset(ip_descrptn, 0, length+1);
> + memcpy(ip_descrptn, value, length);
> +
> DBG(vcp, "Audio Input Description: %s", ip_descrptn);
> free(ip_descrptn);
> ip_descrptn = NULL;
> --
> 2.43.0
We might be better off using util_memdup here since it already
incorporates these checks and aborts if we cannot allocate memory.
>
>
--
Luiz Augusto von Dentz
