fixed some missing NULL checks, reported by M Bealby in bug #1110
Modified: trunk/reactos/lib/kernel32/misc/atom.c
Modified: trunk/reactos/lib/kernel32/misc/env.c
Modified: trunk/reactos/lib/kernel32/misc/lzexpand_main.c
Modified: trunk/reactos/lib/kernel32/process/cmdline.c
Modified: trunk/reactos/lib/kernel32/process/create.c
Modified: trunk/reactos/lib/kernel32/process/proc.c

Modified: trunk/reactos/lib/kernel32/misc/atom.c
--- trunk/reactos/lib/kernel32/misc/atom.c	2005-12-11 20:22:21 UTC (rev 20080)
+++ trunk/reactos/lib/kernel32/misc/atom.c	2005-12-11 21:12:22 UTC (rev 20081)
@@ -238,6 +238,11 @@
    Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
 			    HEAP_ZERO_MEMORY,
 			    BufferSize);
+   if (Buffer == NULL)
+   {
+       SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+       return 0;
+   }
 
    Status = NtQueryInformationAtom(nAtom,
 				   AtomBasicInformation,
@@ -249,6 +254,7 @@
 	RtlFreeHeap(RtlGetProcessHeap(),
 		    0,
 		    Buffer);
+        SetLastErrorByStatus(Status);
 	return 0;
      }
 
@@ -287,6 +293,11 @@
    Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
 			    HEAP_ZERO_MEMORY,
 			    BufferSize);
+   if (Buffer == NULL)
+   {
+       SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+       return 0;
+   }
 
    Status = NtQueryInformationAtom(nAtom,
 				   AtomBasicInformation,
@@ -298,6 +309,7 @@
 	RtlFreeHeap(RtlGetProcessHeap(),
 		    0,
 		    Buffer);
+        SetLastErrorByStatus(Status);
 	return 0;
      }
 
@@ -552,6 +564,11 @@
    Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
 			    HEAP_ZERO_MEMORY,
 			    NameLength);
+   if (Buffer == NULL)
+   {
+       SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+       return 0;
+   }
 
    Status = RtlQueryAtomInAtomTable(AtomTable,
 				    nAtom,
@@ -564,6 +581,7 @@
 	RtlFreeHeap(RtlGetProcessHeap(),
 		    0,
 		    Buffer);
+        SetLastErrorByStatus(Status);
 	return 0;
      }
 

Modified: trunk/reactos/lib/kernel32/misc/env.c
--- trunk/reactos/lib/kernel32/misc/env.c	2005-12-11 20:22:21 UTC (rev 20080)
+++ trunk/reactos/lib/kernel32/misc/env.c	2005-12-11 21:12:22 UTC (rev 20081)
@@ -290,6 +290,11 @@
 	EnvPtr = RtlAllocateHeap (RtlGetProcessHeap (),
 	                          0,
 	                          Length + 1);
+        if (EnvPtr == NULL)
+        {
+            SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+            return NULL;
+        }
 	DPRINT("EnvPtr %p\n", EnvPtr);
 
 	/* convert unicode environment to ansi */
@@ -392,9 +397,14 @@
 
 	RtlInitAnsiString (&Source,
 	                   (LPSTR)lpSrc);
-	RtlAnsiStringToUnicodeString (&SourceU,
-	                              &Source,
-	                              TRUE);
+	Status = RtlAnsiStringToUnicodeString (&SourceU,
+	                                       &Source,
+	                                       TRUE);
+        if (!NT_SUCCESS(Status))
+        {
+            SetLastErrorByStatus (Status);
+            return 0;
+        }
 
 	Destination.Length = 0;
 	Destination.MaximumLength = nSize;
@@ -405,6 +415,12 @@
 	DestinationU.Buffer = RtlAllocateHeap (RtlGetProcessHeap (),
 	                                       0,
 	                                       DestinationU.MaximumLength);
+        if (DestinationU.Buffer == NULL)
+        {
+            RtlFreeUnicodeString(&SourceU);
+            SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+            return 0;
+        }
 
 	Status = RtlExpandEnvironmentStrings_U (NULL,
 	                                        &SourceU,

Modified: trunk/reactos/lib/kernel32/misc/lzexpand_main.c
--- trunk/reactos/lib/kernel32/misc/lzexpand_main.c	2005-12-11 20:22:21 UTC (rev 20080)
+++ trunk/reactos/lib/kernel32/misc/lzexpand_main.c	2005-12-11 21:12:22 UTC (rev 20081)
@@ -294,14 +294,23 @@
 INT WINAPI GetExpandedNameW( LPWSTR in, LPWSTR out )
 {
     INT ret;
-    DWORD len = WideCharToMultiByte( CP_ACP, 0, in, -1, NULL, 0, NULL, NULL );
-    char *xin = RtlAllocateHeap( GetProcessHeap(), 0, len );
-    char *xout = RtlAllocateHeap( GetProcessHeap(), 0, len+3 );
+    DWORD len;
+    char *xin, *xout;
+    len = WideCharToMultiByte( CP_ACP, 0, in, -1, NULL, 0, NULL, NULL );
+    xin = RtlAllocateHeap( RtlGetProcessHeap(), 0, len );
+    if (xin == NULL)
+        return LZERROR_BADVALUE;
+    xout = RtlAllocateHeap( RtlGetProcessHeap(), 0, len+3 );
+    if (xout == NULL)
+    {
+        RtlFreeHeap( RtlGetProcessHeap(), 0, xin );
+        return LZERROR_BADVALUE;
+    }
     WideCharToMultiByte( CP_ACP, 0, in, -1, xin, len, NULL, NULL );
     if ((ret = GetExpandedNameA( xin, xout )) > 0)
         MultiByteToWideChar( CP_ACP, 0, xout, -1, out, wcslen(in)+4 );
-    RtlFreeHeap( GetProcessHeap(), 0, xin );
-    RtlFreeHeap( GetProcessHeap(), 0, xout );
+    RtlFreeHeap( RtlGetProcessHeap(), 0, xin );
+    RtlFreeHeap( RtlGetProcessHeap(), 0, xout );
     return ret;
 }
 

Modified: trunk/reactos/lib/kernel32/process/cmdline.c
--- trunk/reactos/lib/kernel32/process/cmdline.c	2005-12-11 20:22:21 UTC (rev 20080)
+++ trunk/reactos/lib/kernel32/process/cmdline.c	2005-12-11 21:12:22 UTC (rev 20081)
@@ -32,6 +32,8 @@
 {
 	PRTL_USER_PROCESS_PARAMETERS Params;
 
+        /* FIXME - not thread-safe! */
+
 	// get command line
 	Params = NtCurrentPeb()->ProcessParameters;
 	RtlNormalizeProcessParams (Params);
@@ -42,6 +44,10 @@
 	CommandLineStringW.Buffer = RtlAllocateHeap(GetProcessHeap(),
 						    HEAP_GENERATE_EXCEPTIONS|HEAP_ZERO_MEMORY,
 						    CommandLineStringW.MaximumLength);
+        if (CommandLineStringW.Buffer == NULL)
+        {
+            return;
+        }
 
 	RtlInitAnsiString(&CommandLineStringA, NULL);
 

Modified: trunk/reactos/lib/kernel32/process/create.c
--- trunk/reactos/lib/kernel32/process/create.c	2005-12-11 20:22:21 UTC (rev 20080)
+++ trunk/reactos/lib/kernel32/process/create.c	2005-12-11 21:12:22 UTC (rev 20081)
@@ -160,7 +160,11 @@
                             &Context,
                             &InitialTeb,
                             TRUE);
-   
+    if (!NT_SUCCESS(Status))
+    {
+        return NULL;
+    }
+
     /* Success */
     return hThread;
 }
@@ -603,7 +607,7 @@
                                   NULL);
                                   
     /* Cleanup */
-    RtlFreeHeap(GetProcessHeap(), 0, DllPath.Buffer);
+    RtlFreeHeap(RtlGetProcessHeap(), 0, DllPath.Buffer);
     RtlDestroyProcessParameters(ProcessParameters);
 
     DPRINT("Completed\n");
@@ -635,10 +639,10 @@
     BOOLEAN FoundQuotes = FALSE;
     BOOLEAN QuotesNeeded = FALSE;
     BOOLEAN CmdLineIsAppName = FALSE;
-    UNICODE_STRING ApplicationName;
+    UNICODE_STRING ApplicationName = {0};
     OBJECT_ATTRIBUTES LocalObjectAttributes;
     POBJECT_ATTRIBUTES ObjectAttributes;
-    HANDLE hSection, hProcess, hThread;
+    HANDLE hSection = NULL, hProcess = NULL, hThread = NULL;
     SECTION_IMAGE_INFORMATION SectionImageInfo;
     LPWSTR CurrentDirectory = NULL;
     LPWSTR CurrentDirectoryPart;
@@ -662,6 +666,7 @@
     PPEB OurPeb = NtCurrentPeb();
     PPEB RemotePeb;
     SIZE_T EnvSize = 0;
+    BOOL Ret = FALSE;
     
     DPRINT("CreateProcessW: lpApplicationName: %S lpCommandLine: %S"
            " lpEnvironment: %p lpCurrentDirectory: %S dwCreationFlags: %lx\n",
@@ -767,9 +772,14 @@
     if (!lpApplicationName)
     {
         /* The fun begins */
-        NameBuffer = RtlAllocateHeap(GetProcessHeap(), 
+        NameBuffer = RtlAllocateHeap(RtlGetProcessHeap(), 
                                      0,
                                      MAX_PATH * sizeof(WCHAR));
+        if (NameBuffer == NULL)
+        {
+            SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+            goto Cleanup;
+        }
         
         /* This is all we have to work with :( */
         lpApplicationName = lpCommandLine;
@@ -929,7 +939,7 @@
             }
                 
             /* We totally failed */
-            return FALSE;
+            goto Cleanup;
         }
                 
         /* Put back the command line */
@@ -963,8 +973,8 @@
             if ((BasepCheckDosApp(&ApplicationName))) 
             {
                 DPRINT1("Launching VDM...\n");
-                RtlFreeHeap(GetProcessHeap(), 0, NameBuffer);
-                RtlFreeHeap(GetProcessHeap(), 0, ApplicationName.Buffer);
+                RtlFreeHeap(RtlGetProcessHeap(), 0, NameBuffer);
+                RtlFreeHeap(RtlGetProcessHeap(), 0, ApplicationName.Buffer);
                 return CreateProcessW(L"ntvdm.exe",
                                       (LPWSTR)lpApplicationName,
                                       lpProcessAttributes,
@@ -996,9 +1006,14 @@
             CmdLineLength *= sizeof(WCHAR);
             
             /* Allocate space for the new command line */
-            BatchCommandLine = RtlAllocateHeap(GetProcessHeap(),
+            BatchCommandLine = RtlAllocateHeap(RtlGetProcessHeap(),
                                                0,
                                                CmdLineLength);
+            if (BatchCommandLine == NULL)
+            {
+                SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+                goto Cleanup;
+            }
                                               
             /* Build it */
             wcscpy(BatchCommandLine, CMD_STRING);
@@ -1020,7 +1035,7 @@
             lpApplicationName = NULL;
             
             /* Free memory */
-            RtlFreeHeap(GetProcessHeap(), 0, ApplicationName.Buffer);
+            RtlFreeHeap(RtlGetProcessHeap(), 0, ApplicationName.Buffer);
             ApplicationName.Buffer = NULL;
             goto GetAppName;
             break;
@@ -1029,8 +1044,8 @@
             
                 /* It's a Win16 Image, use VDM */
                 DPRINT1("Launching VDM...\n");
-                RtlFreeHeap(GetProcessHeap(), 0, NameBuffer);
-                RtlFreeHeap(GetProcessHeap(), 0, ApplicationName.Buffer);
+                RtlFreeHeap(RtlGetProcessHeap(), 0, NameBuffer);
+                RtlFreeHeap(RtlGetProcessHeap(), 0, ApplicationName.Buffer);
                 return CreateProcessW(L"ntvdm.exe",
                                       (LPWSTR)lpApplicationName,
                                       lpProcessAttributes,
@@ -1045,7 +1060,7 @@
             default:
                 /* Invalid Image Type */
                 SetLastError(ERROR_BAD_EXE_FORMAT);
-                return FALSE;
+                goto Cleanup;
         }
     }
     
@@ -1067,19 +1082,17 @@
                             NULL);
     if(!NT_SUCCESS(Status))
     {
-        NtClose(hSection);
         DPRINT1("Unable to get SectionImageInformation, status 0x%x\n", Status);
         SetLastErrorByStatus(Status);
-        return FALSE;
+        goto Cleanup;
     }
 
     /* Don't execute DLLs */
     if (SectionImageInfo.ImageCharacteristics & IMAGE_FILE_DLL)
     {
-        NtClose(hSection);
         DPRINT1("Can't execute a DLL\n");
         SetLastError(ERROR_BAD_EXE_FORMAT);
-        return FALSE;
+        goto Cleanup;
     }
     
     /* FIXME: Check for Debugger */
@@ -1090,10 +1103,9 @@
     if (IMAGE_SUBSYSTEM_WINDOWS_GUI != SectionImageInfo.SubsystemType && 
         IMAGE_SUBSYSTEM_WINDOWS_CUI != SectionImageInfo.SubsystemType)
     {
-        NtClose(hSection);
         DPRINT1("Invalid subsystem %d\n", SectionImageInfo.SubsystemType);
         SetLastError(ERROR_BAD_EXE_FORMAT);
-        return FALSE;
+        goto Cleanup;
     }
 
     /* Initialize the process object attributes */
@@ -1112,10 +1124,9 @@
                              NULL);
     if(!NT_SUCCESS(Status))
     {
-        NtClose(hSection);
         DPRINT1("Unable to create process, status 0x%x\n", Status);
         SetLastErrorByStatus(Status);
-        return FALSE;
+        goto Cleanup;
     }
     
     /* Set new class */
@@ -1125,11 +1136,9 @@
                                      sizeof(PROCESS_PRIORITY_CLASS));
     if(!NT_SUCCESS(Status))
     {
-        NtClose(hProcess);
-        NtClose(hSection);
         DPRINT1("Unable to set new process priority, status 0x%x\n", Status);
         SetLastErrorByStatus(Status);
-        return FALSE;
+        goto Cleanup;
     }
     
     /* Set Error Mode */
@@ -1146,9 +1155,15 @@
     if (lpCurrentDirectory)
     {
         /* Allocate a buffer */
-        CurrentDirectory = RtlAllocateHeap(GetProcessHeap(),
+        CurrentDirectory = RtlAllocateHeap(RtlGetProcessHeap(),
                                            0,
-                                           MAX_PATH * sizeof(WCHAR) + 2);
+                                           (MAX_PATH + 1) * sizeof(WCHAR));
+        if (CurrentDirectory == NULL)
+        {
+            DPRINT1("Cannot allocate memory for directory name\n");
+            SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+            goto Cleanup;
+        }
                                            
         /* Get the length */
         if (GetFullPathNameW(lpCurrentDirectory,
@@ -1158,7 +1173,7 @@
         {
             DPRINT1("Directory name too long\n");
             SetLastError(ERROR_DIRECTORY);
-            return FALSE;
+            goto Cleanup;
         }
     }
     
@@ -1166,10 +1181,16 @@
     if (QuotesNeeded || CmdLineIsAppName)
     {
         /* Allocate a buffer */
-        QuotedCmdLine = RtlAllocateHeap(GetProcessHeap(), 
+        QuotedCmdLine = RtlAllocateHeap(RtlGetProcessHeap(), 
                                         0,
                                         (wcslen(lpCommandLine) + 2 + 1) * 
                                         sizeof(WCHAR));
+        if (QuotedCmdLine == NULL)
+        {
+            DPRINT1("Cannot allocate memory for quoted command line\n");
+            SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+            goto Cleanup;
+        }
                                         
         /* Copy the first quote */
         wcscpy(QuotedCmdLine, L"\"");
@@ -1199,9 +1220,14 @@
     {
         if (QuotedCmdLine == NULL)
         {
-            QuotedCmdLine = RtlAllocateHeap(GetProcessHeap(), 
+            QuotedCmdLine = RtlAllocateHeap(RtlGetProcessHeap(), 
                                             0,
                                             (wcslen(lpCommandLine) + 1) * sizeof(WCHAR));
+            if (QuotedCmdLine == NULL)
+            {
+                SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+                goto Cleanup;
+            }
             wcscpy(QuotedCmdLine, lpCommandLine);
         }
 
@@ -1227,7 +1253,7 @@
     if(lpEnvironment && !(dwCreationFlags & CREATE_UNICODE_ENVIRONMENT))
     {
         lpEnvironment = BasepConvertUnicodeEnvironment(&EnvSize, lpEnvironment);
-        if (!lpEnvironment) return FALSE;
+        if (!lpEnvironment) goto Cleanup;
     }
 
     /* Create Process Environment */
@@ -1254,7 +1280,7 @@
     {
         DPRINT1("Could not initialize Process Environment\n");
         SetLastErrorByStatus(Status);
-        return FALSE;
+        goto Cleanup;
     }
     
     /* Close the section */
@@ -1276,7 +1302,7 @@
         if (!NT_SUCCESS(Status))
         {
             DPRINT1("Failed to read memory\n");
-            return FALSE;
+            goto Cleanup;
         }
         
         /* Duplicate and write the handles */
@@ -1292,7 +1318,7 @@
     }
         
     /* Create the first thread */
-    DPRINT("Creating thread for process (EntryPoint = 0x%.08x)\n",
+    DPRINT("Creating thread for process (EntryPoint = 0x%p)\n",
             SectionImageInfo.TransferAddress);
     hThread = BasepCreateFirstThread(hProcess,
                                      lpThreadAttributes,
@@ -1302,7 +1328,8 @@
     if (hThread == NULL)
     {
         DPRINT1("Could not create Initial Thread\n");
-        return FALSE;
+        /* FIXME - set last error code */
+        goto Cleanup;
     }
 
     
@@ -1315,7 +1342,7 @@
     {
         DPRINT1("CSR Notification Failed");
         SetLastErrorByStatus(Status);
-        return FALSE;
+        goto Cleanup;
     }
     
     if (!(dwCreationFlags & CREATE_SUSPENDED))
@@ -1328,16 +1355,18 @@
     lpProcessInformation->dwThreadId = (DWORD)ClientId.UniqueThread;
     lpProcessInformation->hProcess = hProcess;
     lpProcessInformation->hThread = hThread;
-    DPRINT("hThread[%lx]: %lx inside hProcess[%lx]: %lx\n", hThread,
+    DPRINT("hThread[%p]: %p inside hProcess[%p]: %p\n", hThread,
             ClientId.UniqueThread, ClientId.UniqueProcess, hProcess);
     hProcess = hThread = NULL;
-            
+    Ret = TRUE;
+
+Cleanup:
     /* De-allocate heap strings */
-    if (NameBuffer) RtlFreeHeap(GetProcessHeap(), 0, NameBuffer);
+    if (NameBuffer) RtlFreeHeap(RtlGetProcessHeap(), 0, NameBuffer);
     if (ApplicationName.Buffer)
-        RtlFreeHeap(GetProcessHeap(), 0, ApplicationName.Buffer);
-    if (CurrentDirectory) RtlFreeHeap(GetProcessHeap(), 0, CurrentDirectory);
-    if (QuotedCmdLine) RtlFreeHeap(GetProcessHeap(), 0, QuotedCmdLine);
+        RtlFreeHeap(RtlGetProcessHeap(), 0, ApplicationName.Buffer);
+    if (CurrentDirectory) RtlFreeHeap(RtlGetProcessHeap(), 0, CurrentDirectory);
+    if (QuotedCmdLine) RtlFreeHeap(RtlGetProcessHeap(), 0, QuotedCmdLine);
 
     /* Kill any handles still alive */
     if (hSection) NtClose(hSection);
@@ -1350,7 +1379,7 @@
     if (hProcess) NtClose(hProcess);
 
     /* Return Success */
-    return TRUE;
+    return Ret;
 }
 
 /*
@@ -1498,9 +1527,9 @@
     RtlFreeUnicodeString(&ApplicationName);
     RtlFreeUnicodeString(&LiveCommandLine);
     RtlFreeUnicodeString(&CurrentDirectory);
-    RtlFreeHeap(GetProcessHeap(), 0, StartupInfo.lpDesktop);
-    RtlFreeHeap(GetProcessHeap(), 0, StartupInfo.lpReserved);
-    RtlFreeHeap(GetProcessHeap(), 0, StartupInfo.lpTitle);
+    RtlFreeHeap(RtlGetProcessHeap(), 0, StartupInfo.lpDesktop);
+    RtlFreeHeap(RtlGetProcessHeap(), 0, StartupInfo.lpReserved);
+    RtlFreeHeap(RtlGetProcessHeap(), 0, StartupInfo.lpTitle);
 
     /* Return what Unicode did */
     return bRetVal;

Modified: trunk/reactos/lib/kernel32/process/proc.c
--- trunk/reactos/lib/kernel32/process/proc.c	2005-12-11 20:22:21 UTC (rev 20080)
+++ trunk/reactos/lib/kernel32/process/proc.c	2005-12-11 21:12:22 UTC (rev 20081)
@@ -489,12 +489,19 @@
 
   RtlAcquirePebLock ();
 
+  /* FIXME - not thread-safe */
   if (lpLocalStartupInfo == NULL)
     {
 	/* create new local startup info (ansi) */
 	lpLocalStartupInfo = RtlAllocateHeap (RtlGetProcessHeap (),
 	                                      0,
 	                                      sizeof(STARTUPINFOA));
+        if (lpLocalStartupInfo == NULL)
+        {
+            RtlReleasePebLock ();
+            SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+            return;
+        }
 
 	lpLocalStartupInfo->cb = sizeof(STARTUPINFOA);