Added some error checking after allocations. Part of bug #1110. Modified: trunk/reactos/lib/kernel32/misc/errormsg.c Modified: trunk/reactos/lib/kernel32/misc/profile.c _____ Modified: trunk/reactos/lib/kernel32/misc/errormsg.c --- trunk/reactos/lib/kernel32/misc/errormsg.c 2006-01-22 23:28:05 UTC (rev 20993) +++ trunk/reactos/lib/kernel32/misc/errormsg.c 2006-01-22 23:29:53 UTC (rev 20994) @@ -197,6 +197,12 @@ } } target = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, 100); + if(target == NULL) + { + HeapFree(GetProcessHeap(),0,from); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + } t = target; talloced= 100; @@ -250,16 +256,37 @@ if (NULL!=(x=strchr(f,'!'))) { *x='\0'; fmtstr=HeapAlloc(GetProcessHeap(),0,strlen(f)+2); + if(fmtstr == NULL) + { + HeapFree(GetProcessHeap(),0,from); + HeapFree(GetProcessHeap(),0,target); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + } sprintf(fmtstr,"%%%s",f); f=x+1; } else { fmtstr=HeapAlloc(GetProcessHeap(),0,strlen(f)+2); + if(fmtstr == NULL) + { + HeapFree(GetProcessHeap(),0,from); + HeapFree(GetProcessHeap(),0,target); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + } sprintf(fmtstr,"%%%s",f); f+=strlen(f); /*at \0*/ } } else { if(!args) break; fmtstr = HeapAlloc(GetProcessHeap(),0,3); + if(fmtstr == NULL) + { + HeapFree(GetProcessHeap(),0,from); + HeapFree(GetProcessHeap(),0,target); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + } strcpy( fmtstr, "%s" ); } if (args) { @@ -401,6 +428,11 @@ if (dwFlags & FORMAT_MESSAGE_FROM_STRING) { from = HeapAlloc( GetProcessHeap(), 0, (strlenW((LPCWSTR)lpSource) + 1) * sizeof(WCHAR) ); + if(from == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + } strcpyW( from, (LPCWSTR)lpSource ); } else { @@ -418,6 +450,12 @@ } target = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, 100 * sizeof(WCHAR) ); + if(target == NULL) + { + HeapFree(GetProcessHeap(),0,from); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + } t = target; talloced= 100; @@ -472,16 +510,37 @@ if (NULL!=(x=strchrW(f,'!'))) { *x='\0'; fmtstr=HeapAlloc( GetProcessHeap(), 0,(strlenW(f)+2)*sizeof(WCHAR)); + if(fmtstr == NULL) + { + HeapFree(GetProcessHeap(),0,from); + HeapFree(GetProcessHeap(),0,target); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + } sprintfW(fmtstr,PCNTFMTWSTR,f); f=x+1; } else { fmtstr=HeapAlloc(GetProcessHeap(),0,(strlenW(f)+2)*sizeof(WCHAR)); + if(fmtstr == NULL) + { + HeapFree(GetProcessHeap(),0,from); + HeapFree(GetProcessHeap(),0,target); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + } sprintfW(fmtstr,PCNTFMTWSTR,f); f+=strlenW(f); /*at \0*/ } } else { if(!args) break; fmtstr = HeapAlloc( GetProcessHeap(),0,3*sizeof(WCHAR)); + if(fmtstr == NULL) + { + HeapFree(GetProcessHeap(),0,from); + HeapFree(GetProcessHeap(),0,target); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + } strcpyW( fmtstr, FMTWSTR ); } _____ Modified: trunk/reactos/lib/kernel32/misc/profile.c --- trunk/reactos/lib/kernel32/misc/profile.c 2006-01-22 23:28:05 UTC (rev 20993) +++ trunk/reactos/lib/kernel32/misc/profile.c 2006-01-22 23:29:53 UTC (rev 20994) @@ -830,6 +830,11 @@ /* OK, now that CurProfile is definitely free we assign it our new file */ CurProfile->filename = HeapAlloc( GetProcessHeap(), 0, (wcslen(buffer)+1) * sizeof(WCHAR) ); + if(CurProfile->filename == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return FALSE; + } wcscpy( CurProfile->filename, buffer ); if (hFile != INVALID_HANDLE_VALUE) @@ -1061,6 +1066,11 @@ DPRINT(" creating key\n"); } key->value = HeapAlloc( GetProcessHeap(), 0, (wcslen(value) + 1) * sizeof(WCHAR) ); + if(key->value == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return FALSE; + } wcscpy( key->value, value ); CurProfile->changed = TRUE; } @@ -1126,6 +1136,11 @@ LPWSTR p; p = HeapAlloc(GetProcessHeap(), 0, (len + 1) * sizeof(WCHAR)); + if(p == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return FALSE; + } memcpy(p, def_val, len * sizeof(WCHAR)); p[len] = '\0'; pDefVal = p; @@ -1482,6 +1497,12 @@ ret = TRUE; while(*string) { LPWSTR buf = HeapAlloc( GetProcessHeap(), 0, (wcslen(string)+1) * sizeof(WCHAR) ); + if(buf == NULL) + { + RtlLeaveCriticalSection( &PROFILE_CritSect ); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return FALSE; + } wcscpy( buf, string ); if((p = wcschr( buf, '='))) { *p = '\0'; @@ -1759,6 +1780,11 @@ /* allocate string buffer for hex chars + checksum hex char + '\0' */ outstring = HeapAlloc( GetProcessHeap(), 0, (bufsize*2 + 2 + 1) * sizeof(WCHAR) ); + if(outstring == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return FALSE; + } p = outstring; for (binbuf = (LPBYTE)buf; binbuf < (LPBYTE)buf+bufsize; binbuf++) {