fixed some missing NULL checks, reported by M Bealby in bug #1110 Modified: trunk/reactos/lib/kernel32/file/dir.c Modified: trunk/reactos/lib/kernel32/file/npipe.c Modified: trunk/reactos/lib/kernel32/file/volume.c _____
Modified: trunk/reactos/lib/kernel32/file/dir.c
--- trunk/reactos/lib/kernel32/file/dir.c 2005-12-11 19:42:08 UTC (rev 20078)
+++ trunk/reactos/lib/kernel32/file/dir.c 2005-12-11 20:04:38 UTC (rev 20079)
@@ -828,16 +828,17 @@
LPSTR *lpFilePart ) { - UNICODE_STRING PathU; - UNICODE_STRING FileNameU; - UNICODE_STRING ExtensionU; - UNICODE_STRING BufferU; + UNICODE_STRING PathU = {0}; + UNICODE_STRING FileNameU = {0}; + UNICODE_STRING ExtensionU = {0}; + UNICODE_STRING BufferU = {0}; ANSI_STRING Path; ANSI_STRING FileName; ANSI_STRING Extension; ANSI_STRING Buffer; PWCHAR FilePartW; - DWORD RetValue; + DWORD RetValue = 0; + NTSTATUS Status = STATUS_SUCCESS;
RtlInitAnsiString (&Path, (LPSTR)lpPath); @@ -849,36 +850,54 @@ /* convert ansi (or oem) strings to unicode */ if (bIsFileApiAnsi) { - RtlAnsiStringToUnicodeString (&PathU, - &Path, - TRUE); - RtlAnsiStringToUnicodeString (&FileNameU, - &FileName, - TRUE); - RtlAnsiStringToUnicodeString (&ExtensionU, - &Extension, - TRUE); + Status = RtlAnsiStringToUnicodeString (&PathU, + &Path, + TRUE); + if (!NT_SUCCESS(Status)) + goto Cleanup; + + Status = RtlAnsiStringToUnicodeString (&FileNameU, + &FileName, + TRUE); + if (!NT_SUCCESS(Status)) + goto Cleanup; + + Status = RtlAnsiStringToUnicodeString (&ExtensionU, + &Extension, + TRUE); + if (!NT_SUCCESS(Status)) + goto Cleanup; } else { - RtlOemStringToUnicodeString (&PathU, - &Path, - TRUE); - RtlOemStringToUnicodeString (&FileNameU, - &FileName, - TRUE); - RtlOemStringToUnicodeString (&ExtensionU, - &Extension, - TRUE); + Status = RtlOemStringToUnicodeString (&PathU, + &Path, + TRUE); + if (!NT_SUCCESS(Status)) + goto Cleanup; + Status = RtlOemStringToUnicodeString (&FileNameU, + &FileName, + TRUE); + if (!NT_SUCCESS(Status)) + goto Cleanup; + + Status = RtlOemStringToUnicodeString (&ExtensionU, + &Extension, + TRUE); + if (!NT_SUCCESS(Status)) + goto Cleanup; }
- BufferU.Length = 0; BufferU.MaximumLength = nBufferLength * sizeof(WCHAR); BufferU.Buffer = RtlAllocateHeap (RtlGetProcessHeap (), 0, BufferU.MaximumLength); + if (BufferU.Buffer == NULL) + { + Status = STATUS_NO_MEMORY; + goto Cleanup; + }
- Buffer.Length = 0; Buffer.MaximumLength = nBufferLength; Buffer.Buffer = lpBuffer;
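Review bot: `BufferU.MaximumLength = nBufferLength * sizeof(WCHAR);` stores the product in a UNICODE_STRING length field, which is a USHORT, so any nBufferLength above 32767 is truncated before it is used as the allocation size. The added NULL check does not catch this: the allocation succeeds with fewer bytes than the caller's length implies, while the wide search call (its argument list is outside this hunk, so this is inferred) is presumably still told the buffer holds nBufferLength characters. I would bound the length before the allocation, for example `if (nBufferLength > MAXUSHORT / sizeof(WCHAR)) { Status = STATUS_INVALID_PARAMETER; goto Cleanup; }`, or clamp it. The same pattern appears as `VolumeNameU.MaximumLength = nVolumeNameSize * sizeof(WCHAR);` in the volume.c hunk at -455. The function body starts and ends outside this hunk.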
@@ -889,16 +908,6 @@ BufferU.Buffer, &FilePartW);
- RtlFreeHeap (RtlGetProcessHeap (), - 0, - PathU.Buffer); - RtlFreeHeap (RtlGetProcessHeap (), - 0, - FileNameU.Buffer); - RtlFreeHeap (RtlGetProcessHeap (), - 0, - ExtensionU.Buffer); - if (0 != RetValue) { BufferU.Length = wcslen(BufferU.Buffer) * sizeof(WCHAR); @@ -913,15 +922,31 @@ FALSE); /* nul-terminate ascii string */ Buffer.Buffer[BufferU.Length / sizeof(WCHAR)] = '\0'; + + if (NULL != lpFilePart && BufferU.Length != 0) + { + *lpFilePart = strrchr (lpBuffer, '\') + 1; + } }
+Cleanup: RtlFreeHeap (RtlGetProcessHeap (), 0, + PathU.Buffer); + RtlFreeHeap (RtlGetProcessHeap (), + 0, + FileNameU.Buffer); + RtlFreeHeap (RtlGetProcessHeap (), + 0, + ExtensionU.Buffer); + RtlFreeHeap (RtlGetProcessHeap (), + 0, BufferU.Buffer);
- if (NULL != lpFilePart) + if (!NT_SUCCESS(Status)) { - *lpFilePart = strrchr (lpBuffer, '\') + 1; + SetLastErrorByStatus(Status); + return 0; }
return RetValue; @@ -1032,9 +1057,14 @@ if (lpPath == NULL) {
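Review bot: The added `*lpFilePart = strrchr (lpBuffer, '\') + 1;` uses the result of strrchr without a NULL test, so a returned path containing no backslash gives the caller a pointer computed from NULL; the `BufferU.Length != 0` guard only excludes the empty string. Test the result first, e.g. `p = strrchr(lpBuffer, '\\'); *lpFilePart = p ? p + 1 : lpBuffer;` (the character literal is shown as `'\'` on this page, presumably `'\\'` in the file). Separately, the context line `BufferU.Length = wcslen(BufferU.Buffer) * sizeof(WCHAR);` in the hunk at -889 runs whenever RetValue is non-zero. If the wide call can return a required size larger than nBufferLength without filling the buffer (not visible here), wcslen would walk uninitialised heap memory, so also requiring `RetValue < nBufferLength` before the conversion looks safer.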
- AppPathW = (PWCHAR) RtlAllocateHeap(GetProcessHeap(),
+ AppPathW = (PWCHAR) RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_GENERATE_EXCEPTIONS|HEAP_ZERO_MEMORY, MAX_PATH * sizeof(WCHAR)); + if (AppPathW == NULL) + { + SetLastError(ERROR_OUTOFMEMORY); + return 0; + }
wcscat (AppPathW, NtCurrentPeb()->ProcessParameters->ImagePathName.Buffer); @@ -1052,11 +1082,12 @@ len += 1 + GetWindowsDirectoryW(&Buffer, 0); len += 1 + wcslen(AppPathW) * sizeof(WCHAR);
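Review bot: The added `if (AppPathW == NULL)` test follows an allocation made with `HEAP_GENERATE_EXCEPTIONS`, and with that flag a failed allocation is reported by raising an exception rather than by returning NULL, so the new branch is likely unreachable as written; the same applies to the EnvironmentBufferW allocation in the hunk at -1052. Either drop the flag so the NULL paths actually run (keeping `HEAP_ZERO_MEMORY`) or handle the exception explicitly. Also, the context line `wcscat (AppPathW, NtCurrentPeb()->ProcessParameters->ImagePathName.Buffer);` copies an image path of unchecked length into a buffer fixed at `MAX_PATH * sizeof(WCHAR)` bytes. Comparing `ImagePathName.Length` against that size before the copy would bound the write. The enclosing function starts and ends outside this hunk.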
- EnvironmentBufferW = (PWCHAR) RtlAllocateHeap(GetProcessHeap(),
+ EnvironmentBufferW = (PWCHAR) RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_GENERATE_EXCEPTIONS|HEAP_ZERO_MEMORY, len * sizeof(WCHAR)); if (EnvironmentBufferW == NULL) { + RtlFreeHeap(RtlGetProcessHeap(), 0, AppPathW); SetLastError(ERROR_OUTOFMEMORY); return 0; } _____
Modified: trunk/reactos/lib/kernel32/file/npipe.c
--- trunk/reactos/lib/kernel32/file/npipe.c 2005-12-11 19:42:08 UTC (rev 20078)
+++ trunk/reactos/lib/kernel32/file/npipe.c 2005-12-11 20:04:38 UTC (rev 20079)
@@ -353,6 +353,16 @@
return FALSE; }
+ /* Now calculate the total length of the structure and allocate it */ + WaitPipeInfoSize = FIELD_OFFSET(FILE_PIPE_WAIT_FOR_BUFFER, Name[0]) + + NewName.Length; + WaitPipeInfo = RtlAllocateHeap(RtlGetProcessHeap(), 0, WaitPipeInfoSize); + if (WaitPipeInfo == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return FALSE; + } + /* Initialize the object attributes */ DPRINT("Opening: %wZ\n", &DevicePath); InitializeObjectAttributes(&ObjectAttributes, @@ -374,14 +384,10 @@ DPRINT1("Status: %lx\n", Status); SetLastErrorByStatus(Status); RtlFreeUnicodeString(&NamedPipeName); + RtlFreeHeap(RtlGetProcessHeap(), 0, WaitPipeInfo); return(FALSE); }
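Review bot: The new `return FALSE;` after a failed `RtlAllocateHeap` exits without releasing NamedPipeName, which the failure path in the hunk at -374 frees with `RtlFreeUnicodeString(&NamedPipeName);`. If that string is already allocated at this point (its creation is outside the hunk), this path leaks it on every low-memory failure; adding `RtlFreeUnicodeString(&NamedPipeName);` before `SetLastError(ERROR_NOT_ENOUGH_MEMORY);` closes that. Moving the allocation ahead of the open also means every later exit has to free WaitPipeInfo. Only the exit at -374 is visible here, so the remaining return paths of the function are worth checking.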
- /* Now calculate the total length of the structure and allocate it */ - WaitPipeInfoSize = FIELD_OFFSET(FILE_PIPE_WAIT_FOR_BUFFER, Name[0]) + - NewName.Length; - WaitPipeInfo = RtlAllocateHeap(RtlGetProcessHeap(), 0, WaitPipeInfoSize); - /* Check what timeout we got */ if (nTimeOut == NMPWAIT_USE_DEFAULT_WAIT) { @@ -1022,6 +1028,11 @@ /* Calculate the buffer space that we'll need and allocate it */ BufferSize = nBufferSize + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]); Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferSize); + if (Buffer == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return FALSE; + }
/* Tell the driver to seek */ Status = NtFsControlFile(hNamedPipe, _____
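Review bot: `BufferSize = nBufferSize + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]);` adds a caller-supplied size to the header offset with no overflow check, so a value near the top of the range wraps to a small allocation that the added NULL test will accept. Whether later code then copies up to nBufferSize bytes out of that block is outside the hunk, so the impact is inferred, but the guard is cheap: `if (nBufferSize > MAXULONG - FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0])) { SetLastError(ERROR_INVALID_PARAMETER); return FALSE; }` placed before the addition. The function body starts and ends outside this hunk.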
Modified: trunk/reactos/lib/kernel32/file/volume.c
--- trunk/reactos/lib/kernel32/file/volume.c 2005-12-11 19:42:08 UTC (rev 20078)
+++ trunk/reactos/lib/kernel32/file/volume.c 2005-12-11 20:04:38 UTC (rev 20079)
@@ -444,7 +444,7 @@
) { UNICODE_STRING FileSystemNameU; - UNICODE_STRING VolumeNameU; + UNICODE_STRING VolumeNameU = {0}; ANSI_STRING VolumeName; ANSI_STRING FileSystemName; PWCHAR RootPathNameW; @@ -455,11 +455,14 @@
if (lpVolumeNameBuffer) { - VolumeNameU.Length = 0; VolumeNameU.MaximumLength = nVolumeNameSize * sizeof(WCHAR); VolumeNameU.Buffer = RtlAllocateHeap (RtlGetProcessHeap (), 0, VolumeNameU.MaximumLength); + if (VolumeNameU.Buffer == NULL) + { + goto FailNoMem; + } }
if (lpFileSystemNameBuffer) @@ -469,6 +472,19 @@ FileSystemNameU.Buffer = RtlAllocateHeap (RtlGetProcessHeap (), 0,
FileSystemNameU.MaximumLength); + if (FileSystemNameU.Buffer == NULL) + { + if (VolumeNameU.Buffer != NULL) + { + RtlFreeHeap(RtlGetProcessHeap(), + 0, + VolumeNameU.Buffer); + } + +FailNoMem: + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return FALSE; + } }
Result = GetVolumeInformationW (RootPathNameW, @@ -724,6 +740,11 @@ 0, sizeof(FILE_FS_LABEL_INFORMATION) + LabelLength); + if (LabelInfo == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return FALSE; + } LabelInfo->VolumeLabelLength = LabelLength; memcpy(LabelInfo->VolumeLabel, lpVolumeName,
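Review bot: The label `FailNoMem:` sits inside the `if (FileSystemNameU.Buffer == NULL)` block, and the `goto FailNoMem;` added in the hunk at -455 jumps into that block from a different `if` body. This is legal C but fragile, because anything later added above the label in that block is silently skipped on the VolumeNameU failure path. I would put `SetLastError(ERROR_NOT_ENOUGH_MEMORY); return FALSE;` under a label at the end of the function and have both failure paths jump there. Note also that only VolumeNameU gained `= {0}` in the hunk at -444; FileSystemNameU stays uninitialised when lpFileSystemNameBuffer is NULL, so any unconditional free of `FileSystemNameU.Buffer` later in the function (not visible here) would act on an indeterminate pointer.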