Index: apps/app_mixmonitor.c =================================================================== --- apps/app_mixmonitor.c (revision 48110) +++ apps/app_mixmonitor.c (working copy) @@ -233,7 +233,7 @@ /* Pre-allocate mixmonitor structure and spy */ if (!(mixmonitor = calloc(1, len))) { - return; + exit(ENOMEM); } /* Copy over flags and channel name */ Index: main/ast_expr2.fl =================================================================== --- main/ast_expr2.fl (revision 48110) +++ main/ast_expr2.fl (working copy) @@ -68,15 +68,15 @@ } while (0) #define SET_STRING do { \ - yylval_param->val = calloc(1, sizeof(struct val)); \ + yylval_param->val = calloc(1, sizeof(struct val)); if (! yylval_param->val) exit(ENOMEM); \ yylval_param->val->type = AST_EXPR_string; \ - yylval_param->val->u.s = strdup(yytext); \ + yylval_param->val->u.s = strdup(yytext); if (! yylval_param->val->u.s) exit(ENOMEM); \ } while (0) #define SET_NUMERIC_STRING do { \ - yylval_param->val = calloc(1, sizeof(struct val)); \ + yylval_param->val = calloc(1, sizeof(struct val)); if (! yylval_param->val) exit(ENOMEM); \ yylval_param->val->type = AST_EXPR_numeric_string; \ - yylval_param->val->u.s = strdup(yytext); \ + yylval_param->val->u.s = strdup(yytext); if (! yylval_param->val->u.s) exit(ENOMEM); \ } while (0) struct parse_io Index: main/ast_expr2.y =================================================================== --- main/ast_expr2.y (revision 48110) +++ main/ast_expr2.y (working copy) @@ -172,7 +172,7 @@ %% -start: expr { ((struct parse_io *)parseio)->val = (struct val *)calloc(sizeof(struct val),1); +start: expr { ((struct parse_io *)parseio)->val = (struct val*) calloc(1, sizeof(struct val)); if (! ((struct parse_io*) parseio)->val) exit(ENOMEM); ((struct parse_io *)parseio)->val->type = $1->type; if( $1->type == AST_EXPR_integer ) ((struct parse_io *)parseio)->val->u.i = $1->u.i; @@ -180,9 +180,9 @@ ((struct parse_io *)parseio)->val->u.s = $1->u.s; free($1); } - | {/* nothing */ ((struct parse_io *)parseio)->val = (struct val *)calloc(sizeof(struct val),1); + | {/* nothing */ ((struct parse_io *)parseio)->val = (struct val*) calloc(1, sizeof(struct val)); if (!((struct parse_io*) parseio)->val) exit(ENOMEM); ((struct parse_io *)parseio)->val->type = AST_EXPR_string; - ((struct parse_io *)parseio)->val->u.s = strdup(""); + ((struct parse_io *)parseio)->val->u.s = strdup(""); if (! ((struct parse_io*) parseio)->val->u.s) exit(ENOMEM); } ; Index: pbx/ael/ael.flex =================================================================== --- pbx/ael/ael.flex (revision 48110) +++ pbx/ael/ael.flex (working copy) @@ -225,7 +225,7 @@ [-a-zA-Z0-9'"_/.\<\>\*\+!$#\[\]][-a-zA-Z0-9'"_/.!\*\+\<\>\{\}$#\[\]]* { STORE_POS; - yylval->str = strdup(yytext); + yylval->str = strdup(yytext); if (! yylval->str) exit(ENOMEM); prev_word = yylval->str; return word; } @@ -244,7 +244,7 @@ STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression: %s !\n", my_file, my_lineno, my_col, yytext); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = strdup(yytext); if (! yylval->str) exit(ENOMEM); prev_word = 0; return word; } @@ -253,7 +253,7 @@ yymore(); } else { STORE_LOC; - yylval->str = strdup(yytext); + yylval->str = strdup(yytext); if (! yylval->str) exit(ENOMEM); yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */ unput(')'); BEGIN(0); @@ -276,7 +276,7 @@ ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = strdup(yytext); if (! yylval->str) exit(ENOMEM); return word; } yymore(); @@ -304,7 +304,7 @@ STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched ')' in expression!\n", my_file, my_lineno, my_col); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = strdup(yytext); if (! yylval->str) exit(ENOMEM); return word; } @@ -316,7 +316,7 @@ BEGIN(0); if ( !strcmp(yytext, ")") ) return RP; - yylval->str = strdup(yytext); + yylval->str = strdup(yytext); if (! yylval->str) exit(ENOMEM); yylval->str[yyleng-1] = '\0'; /* trim trailing ')' */ unput(')'); return word; @@ -330,7 +330,7 @@ STORE_LOC; if( !strcmp(yytext,"," ) ) return COMMA; - yylval->str = strdup(yytext); + yylval->str = strdup(yytext); if (! yylval->str) exit(ENOMEM); yylval->str[yyleng-1] = '\0'; unput(','); return word; @@ -343,7 +343,7 @@ STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = strdup(yytext); if (! yylval->str) exit(ENOMEM); return word; } yymore(); @@ -366,7 +366,7 @@ STORE_LOC; ast_log(LOG_ERROR,"File=%s, line=%d, column=%d: Mismatched '%c' in expression!\n", my_file, my_lineno, my_col, c); BEGIN(0); - yylval->str = strdup(yytext); + yylval->str = strdup(yytext); if (! yylval->str) exit(ENOMEM); return word; } yymore(); @@ -374,7 +374,7 @@ {NOSEMIC}; { STORE_LOC; - yylval->str = strdup(yytext); + yylval->str = strdup(yytext); if (! yylval->str) exit(ENOMEM); yylval->str[yyleng-1] = '\0'; unput(';'); BEGIN(0); @@ -422,13 +422,30 @@ } else { char *buffer; struct stat stats; - stat(fnamebuf, &stats); - buffer = (char*)malloc(stats.st_size+1); + + if (stat(fnamebuf, &stats)) { + fclose(in1); + ast_log(LOG_ERROR,"file status query failed (error: %d)\n", errno); + exit(errno); + } + + buffer = (char*) malloc(stats.st_size+1); if (!buffer) { fclose(in1); exit(ENOMEM); } fread(buffer, 1, stats.st_size, in1); + + if (ferror(fin)) { + fclose(in1); + ast_log(LOG_ERROR,"file read failed (error: %d)\n", errno); + exit(errno); + } + buffer[stats.st_size] = 0; ast_log(LOG_NOTICE," --Read in included file %s, %d chars\n",fnamebuf, (int)stats.st_size); - fclose(in1); + if (fclose(in1)) { + ast_log(LOG_ERROR,"file close failed (error: %d)\n", errno); + exit(errno); + } + include_stack[include_stack_index].fname = my_file; my_file = strdup(fnamebuf); include_stack[include_stack_index].lineno = my_lineno; @@ -554,7 +571,7 @@ /* extern int ael_yydebug; */ - io = calloc(sizeof(struct parse_io),1); + io = calloc(1, sizeof(struct parse_io)); if (!io) exit(ENOMEM); /* reset the global counters */ prev_word = 0; my_lineno = 1; @@ -568,13 +585,47 @@ *errors = 1; return 0; } - my_file = strdup(filename); - stat(filename, &stats); + + if (!my_file) { + fclose(fin); + ast_log(LOG_ERROR,"string copy failed\n"); + *errors = 1; + return 0; + } + + if (stat(filename, &stats)) { + fclose(fin); + ast_log(LOG_ERROR,"file status query failed (error: %d)\n", errno); + *errors = 1; + return 0; + } + buffer = (char*)malloc(stats.st_size+2); + + if (!buffer) { + fclose(fin); + ast_log(LOG_ERROR,"memory allocation failed\n"); + *errors = 1; + return 0; + } + fread(buffer, 1, stats.st_size, fin); + + if (ferror(fin)) { + fclose(fin); + ast_log(LOG_ERROR,"file read failed (error: %d)\n", errno); + *errors = 1; + return 0; + } + buffer[stats.st_size]=0; - fclose(fin); + if (fclose(fin)) { + ast_log(LOG_ERROR,"file close failed (error: %d)\n", errno); + *errors = 1; + return 0; + } + ael_yy_scan_string (buffer ,io->scanner); ael_yyset_lineno(1 , io->scanner); Index: pbx/ael/ael.y =================================================================== --- pbx/ael/ael.y (revision 48110) +++ pbx/ael/ael.y (working copy) @@ -197,7 +197,7 @@ ; context_name : word { $$ = $1; } - | KW_DEFAULT { $$ = strdup("default"); } + | KW_DEFAULT { $$ = strdup("default"); if (!$$) exit(ENOMEM); } ; context : opt_abstract KW_CONTEXT context_name LC elements RC { @@ -438,6 +438,9 @@ } tot+=4; /* for safety */ bufx = calloc(1, tot); + + if (!bufx) exit(ENOMEM); + strcpy(bufx,$1->u1.str); strcat(bufx,"("); /* XXX need to advance the pointer or the loop is very inefficient */ @@ -495,7 +498,7 @@ $$->next->next = nword($5, &@5); } ; -opt_pri : /* empty */ { $$ = strdup("1"); } +opt_pri : /* empty */ { $$ = strdup("1"); if (!$$) exit(ENOMEM); } | COMMA word { $$ = $2; } ; @@ -544,13 +547,13 @@ ; opt_word : word { $$ = $1 } - | { $$ = strdup(""); } + | { $$ = strdup(""); if (!$$) exit(ENOMEM); } ; eval_arglist : word_list { $$ = nword($1, &@1); } | /*nothing! */ { $$= npval(PV_WORD,0/*@1.first_line*/,0/*@1.last_line*/,0/* @1.first_column*/, 0/*@1.last_column*/); - $$->u1.str = strdup(""); } + $$->u1.str = strdup(""); if (!$$->u1.str) exit(ENOMEM); } | eval_arglist COMMA opt_word { $$ = linku1($1, nword($3, &@3)); } ; @@ -721,7 +724,9 @@ } len++; } - res = calloc(1, len+1); + + if (!res) exit(ENOMEM); + res[0] = 0; s = res; for (p=mess; *p;) { @@ -761,6 +766,9 @@ int first_column, int last_column) { pval *z = calloc(1, sizeof(struct pval)); + + if (!z) exit(ENOMEM); + z->type = type; z->startline = first_line; z->endline = last_line; Index: utils/check_expr.c =================================================================== --- utils/check_expr.c (revision 48110) +++ utils/check_expr.c (working copy) @@ -33,7 +33,7 @@ struct varz { char varname[100]; /* a really ultra-simple, space-wasting linked list of var=val data */ - char varval[1000]; /* if any varname is bigger than 100 chars, or val greater than 1000, then **CRASH** */ + char varval[1000]; /* If a string is bigger than the target buffer, then truncate it. */ struct varz *next; }; @@ -69,10 +69,11 @@ void set_var(const char *varname, const char *varval) { struct varz *t = calloc(1,sizeof(struct varz)); - if (!t) - return; - strcpy(t->varname, varname); - strcpy(t->varval, varval); + + if (!t) exit(ENOMEM); + + ast_copy_string(t->varname, varname, sizeof(t->varname)); + ast_copy_string(t->varval, varval, sizeof(t->varval)); t->next = global_varlist; global_varlist = t; }