fixed some missing NULL checks, reported by M Bealby in bug #1110 Modified: trunk/reactos/lib/kernel32/misc/atom.c Modified: trunk/reactos/lib/kernel32/misc/env.c Modified: trunk/reactos/lib/kernel32/misc/lzexpand_main.c Modified: trunk/reactos/lib/kernel32/process/cmdline.c Modified: trunk/reactos/lib/kernel32/process/create.c Modified: trunk/reactos/lib/kernel32/process/proc.c _____
Modified: trunk/reactos/lib/kernel32/misc/atom.c --- trunk/reactos/lib/kernel32/misc/atom.c 2005-12-11 20:22:21 UTC (rev 20080) +++ trunk/reactos/lib/kernel32/misc/atom.c 2005-12-11 21:12:22 UTC (rev 20081) @@ -238,6 +238,11 @@
Buffer = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, BufferSize); + if (Buffer == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + }
Status = NtQueryInformationAtom(nAtom, AtomBasicInformation, @@ -249,6 +254,7 @@ RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer); + SetLastErrorByStatus(Status); return 0; }
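Review bot: The allocate-then-check block added at @@ -238 is repeated verbatim at @@ -287 and @@ -552, and so is the `SetLastErrorByStatus(Status); return 0;` tail added after each `RtlFreeHeap`, so three copies of the same failure handling will now have to be kept in step by hand. A single static helper that allocates the buffer, runs the query and maps a failing status to a last error would leave one place to review and one place to fix. The enclosing functions start and end outside their hunks, so the note is about the shape of the new code only.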
@@ -287,6 +293,11 @@ Buffer = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, BufferSize); + if (Buffer == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + }
Status = NtQueryInformationAtom(nAtom, AtomBasicInformation, @@ -298,6 +309,7 @@ RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer); + SetLastErrorByStatus(Status); return 0; }
@@ -552,6 +564,11 @@ Buffer = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, NameLength); + if (Buffer == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + }
Status = RtlQueryAtomInAtomTable(AtomTable, nAtom, @@ -564,6 +581,7 @@ RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer); + SetLastErrorByStatus(Status); return 0; }
_____
Modified: trunk/reactos/lib/kernel32/misc/env.c --- trunk/reactos/lib/kernel32/misc/env.c 2005-12-11 20:22:21 UTC (rev 20080) +++ trunk/reactos/lib/kernel32/misc/env.c 2005-12-11 21:12:22 UTC (rev 20081) @@ -290,6 +290,11 @@
EnvPtr = RtlAllocateHeap (RtlGetProcessHeap (), 0, Length + 1); + if (EnvPtr == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return NULL; + } DPRINT("EnvPtr %p\n", EnvPtr);
/* convert unicode environment to ansi */ @@ -392,9 +397,14 @@
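Review bot: The new `return NULL` at the `EnvPtr` check releases nothing before leaving, whereas the proc.c hunk in this same commit calls `RtlReleasePebLock ()` ahead of its equivalent early return; if this function holds the PEB lock while it measures the Unicode environment (its start is outside the hunk, so this is inferred), the out-of-memory path now exits with the lock held. If that is the case, insert `RtlReleasePebLock ();` before `SetLastError(ERROR_NOT_ENOUGH_MEMORY);`. If no lock is held here, a one-line comment at the check saying so would spare the next reader the same question.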
RtlInitAnsiString (&Source, (LPSTR)lpSrc); - RtlAnsiStringToUnicodeString (&SourceU, - &Source, - TRUE); + Status = RtlAnsiStringToUnicodeString (&SourceU, + &Source, + TRUE); + if (!NT_SUCCESS(Status)) + { + SetLastErrorByStatus (Status); + return 0; + }
Destination.Length = 0; Destination.MaximumLength = nSize; @@ -405,6 +415,12 @@ DestinationU.Buffer = RtlAllocateHeap (RtlGetProcessHeap (), 0,
DestinationU.MaximumLength); + if (DestinationU.Buffer == NULL) + { + RtlFreeUnicodeString(&SourceU); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return 0; + }
Status = RtlExpandEnvironmentStrings_U (NULL, &SourceU, _____
Modified: trunk/reactos/lib/kernel32/misc/lzexpand_main.c --- trunk/reactos/lib/kernel32/misc/lzexpand_main.c 2005-12-11 20:22:21 UTC (rev 20080) +++ trunk/reactos/lib/kernel32/misc/lzexpand_main.c 2005-12-11 21:12:22 UTC (rev 20081) @@ -294,14 +294,23 @@
 INT WINAPI GetExpandedNameW( LPWSTR in, LPWSTR out )
 {
 INT ret;
- DWORD len = WideCharToMultiByte( CP_ACP, 0, in, -1, NULL, 0, NULL, NULL );
- char *xin = RtlAllocateHeap( GetProcessHeap(), 0, len );
- char *xout = RtlAllocateHeap( GetProcessHeap(), 0, len+3 );
+ DWORD len;
+ char *xin, *xout;
+ len = WideCharToMultiByte( CP_ACP, 0, in, -1, NULL, 0, NULL, NULL );
+ xin = RtlAllocateHeap( RtlGetProcessHeap(), 0, len );
+ if (xin == NULL)
+ return LZERROR_BADVALUE;
+ xout = RtlAllocateHeap( RtlGetProcessHeap(), 0, len+3 );
+ if (xout == NULL)
+ {
+ RtlFreeHeap( RtlGetProcessHeap(), 0, xin );
+ return LZERROR_BADVALUE;
+ }
 WideCharToMultiByte( CP_ACP, 0, in, -1, xin, len, NULL, NULL );
 if ((ret = GetExpandedNameA( xin, xout )) > 0)
 MultiByteToWideChar( CP_ACP, 0, xout, -1, out, wcslen(in)+4 );
- RtlFreeHeap( GetProcessHeap(), 0, xin );
- RtlFreeHeap( GetProcessHeap(), 0, xout );
+ RtlFreeHeap( RtlGetProcessHeap(), 0, xin );
+ RtlFreeHeap( RtlGetProcessHeap(), 0, xout );
 return ret;
 }
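Review bot: `len` is still used unchecked after the two new NULL tests: `WideCharToMultiByte` returns 0 when the conversion fails (a NULL or unconvertible `in`), after which the code requests a zero-byte `xin`, the second `WideCharToMultiByte` call sees a zero-length destination and only reports a size, and an unterminated `xin` is handed to `GetExpandedNameA`. A guard between the length query and the first allocation, `if (len == 0) return LZERROR_BADVALUE;`, closes that path at the same cost as the checks this hunk adds. The `wcslen(in)+4` passed as the capacity of `out` on the `MultiByteToWideChar` line is pre-existing and is an assumption about the caller's buffer; it deserves a comment stating that contract.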
_____
Modified: trunk/reactos/lib/kernel32/process/cmdline.c --- trunk/reactos/lib/kernel32/process/cmdline.c 2005-12-11 20:22:21 UTC (rev 20080) +++ trunk/reactos/lib/kernel32/process/cmdline.c 2005-12-11 21:12:22 UTC (rev 20081) @@ -32,6 +32,8 @@
{ PRTL_USER_PROCESS_PARAMETERS Params;
+ /* FIXME - not thread-safe! */ + // get command line Params = NtCurrentPeb()->ProcessParameters; RtlNormalizeProcessParams (Params); @@ -42,6 +44,10 @@ CommandLineStringW.Buffer = RtlAllocateHeap(GetProcessHeap(),
HEAP_GENERATE_EXCEPTIONS|HEAP_ZERO_MEMORY,
CommandLineStringW.MaximumLength); + if (CommandLineStringW.Buffer == NULL) + { + return; + }
RtlInitAnsiString(&CommandLineStringA, NULL);
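Review bot: The new `if (CommandLineStringW.Buffer == NULL)` test cannot fire, because the allocation two lines above passes `HEAP_GENERATE_EXCEPTIONS`, which makes `RtlAllocateHeap` raise on failure instead of returning NULL. Either drop the flag so the check is live, leaving `HEAP_ZERO_MEMORY,` alone, or drop the check and add a comment that an exception is the intended outcome of an allocation failure here. Once the check is reachable, the bare `return;` leaves `CommandLineStringA` as it was (the `RtlInitAnsiString` below is skipped), so whatever reads it later, outside this hunk, needs to cope with that; the `/* FIXME - not thread-safe! */` added at @@ -32 would read better if it named the shared state it refers to.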
_____
Modified: trunk/reactos/lib/kernel32/process/create.c --- trunk/reactos/lib/kernel32/process/create.c 2005-12-11 20:22:21 UTC (rev 20080) +++ trunk/reactos/lib/kernel32/process/create.c 2005-12-11 21:12:22 UTC (rev 20081) @@ -160,7 +160,11 @@
&Context, &InitialTeb, TRUE); - + if (!NT_SUCCESS(Status)) + { + return NULL; + } + /* Success */ return hThread; } @@ -603,7 +607,7 @@ NULL);
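Review bot: The new failure branch after the call ending in `&Context, &InitialTeb, TRUE);` returns NULL without recording `Status`, and the caller in this same file is left with the `/* FIXME - set last error code */` it adds at @@ -1302 for exactly that reason; a `SetLastErrorByStatus(Status);` before `return NULL;` resolves both. Whatever was prepared for the thread ahead of this call (the `InitialTeb` and `Context` passed here are built above the hunk) is presumably not torn down on this path either; if a stack was reserved in the target process, it should be released before returning. BasepCreateFirstThread starts outside the hunk.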
/* Cleanup */ - RtlFreeHeap(GetProcessHeap(), 0, DllPath.Buffer); + RtlFreeHeap(RtlGetProcessHeap(), 0, DllPath.Buffer); RtlDestroyProcessParameters(ProcessParameters);
DPRINT("Completed\n"); @@ -635,10 +639,10 @@ BOOLEAN FoundQuotes = FALSE; BOOLEAN QuotesNeeded = FALSE; BOOLEAN CmdLineIsAppName = FALSE; - UNICODE_STRING ApplicationName; + UNICODE_STRING ApplicationName = {0}; OBJECT_ATTRIBUTES LocalObjectAttributes; POBJECT_ATTRIBUTES ObjectAttributes; - HANDLE hSection, hProcess, hThread; + HANDLE hSection = NULL, hProcess = NULL, hThread = NULL; SECTION_IMAGE_INFORMATION SectionImageInfo; LPWSTR CurrentDirectory = NULL; LPWSTR CurrentDirectoryPart; @@ -662,6 +666,7 @@ PPEB OurPeb = NtCurrentPeb(); PPEB RemotePeb; SIZE_T EnvSize = 0; + BOOL Ret = FALSE;
DPRINT("CreateProcessW: lpApplicationName: %S lpCommandLine: %S" " lpEnvironment: %p lpCurrentDirectory: %S dwCreationFlags: %lx\n", @@ -767,9 +772,14 @@ if (!lpApplicationName) { /* The fun begins */ - NameBuffer = RtlAllocateHeap(GetProcessHeap(), + NameBuffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, MAX_PATH * sizeof(WCHAR)); + if (NameBuffer == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + goto Cleanup; + }
/* This is all we have to work with :( */ lpApplicationName = lpCommandLine; @@ -929,7 +939,7 @@ }
 /* We totally failed */
- return FALSE;
+ goto Cleanup;
 }
/* Put back the command line */ @@ -963,8 +973,8 @@ if ((BasepCheckDosApp(&ApplicationName))) { DPRINT1("Launching VDM...\n"); - RtlFreeHeap(GetProcessHeap(), 0, NameBuffer); - RtlFreeHeap(GetProcessHeap(), 0, ApplicationName.Buffer); + RtlFreeHeap(RtlGetProcessHeap(), 0, NameBuffer); + RtlFreeHeap(RtlGetProcessHeap(), 0, ApplicationName.Buffer); return CreateProcessW(L"ntvdm.exe", (LPWSTR)lpApplicationName, lpProcessAttributes, @@ -996,9 +1006,14 @@ CmdLineLength *= sizeof(WCHAR);
/* Allocate space for the new command line */ - BatchCommandLine = RtlAllocateHeap(GetProcessHeap(), + BatchCommandLine = RtlAllocateHeap(RtlGetProcessHeap(), 0, CmdLineLength); + if (BatchCommandLine == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + goto Cleanup; + }
/* Build it */ wcscpy(BatchCommandLine, CMD_STRING); @@ -1020,7 +1035,7 @@ lpApplicationName = NULL;
/* Free memory */ - RtlFreeHeap(GetProcessHeap(), 0, ApplicationName.Buffer); + RtlFreeHeap(RtlGetProcessHeap(), 0, ApplicationName.Buffer); ApplicationName.Buffer = NULL; goto GetAppName; break; @@ -1029,8 +1044,8 @@
/* It's a Win16 Image, use VDM */ DPRINT1("Launching VDM...\n"); - RtlFreeHeap(GetProcessHeap(), 0, NameBuffer); - RtlFreeHeap(GetProcessHeap(), 0, ApplicationName.Buffer); + RtlFreeHeap(RtlGetProcessHeap(), 0, NameBuffer); + RtlFreeHeap(RtlGetProcessHeap(), 0, ApplicationName.Buffer); return CreateProcessW(L"ntvdm.exe", (LPWSTR)lpApplicationName, lpProcessAttributes, @@ -1045,7 +1060,7 @@ default: /* Invalid Image Type */ SetLastError(ERROR_BAD_EXE_FORMAT); - return FALSE; + goto Cleanup; } }
@@ -1067,19 +1082,17 @@
 NULL);
 if(!NT_SUCCESS(Status))
 {
- NtClose(hSection);
 DPRINT1("Unable to get SectionImageInformation, status 0x%x\n", Status);
 SetLastErrorByStatus(Status);
- return FALSE;
+ goto Cleanup;
 }
 /* Don't execute DLLs */
 if (SectionImageInfo.ImageCharacteristics & IMAGE_FILE_DLL)
 {
- NtClose(hSection);
 DPRINT1("Can't execute a DLL\n");
 SetLastError(ERROR_BAD_EXE_FORMAT);
- return FALSE;
+ goto Cleanup;
 }
 /* FIXME: Check for Debugger */
@@ -1090,10 +1103,9 @@
 if (IMAGE_SUBSYSTEM_WINDOWS_GUI != SectionImageInfo.SubsystemType &&
 IMAGE_SUBSYSTEM_WINDOWS_CUI != SectionImageInfo.SubsystemType)
 {
- NtClose(hSection);
 DPRINT1("Invalid subsystem %d\n", SectionImageInfo.SubsystemType);
 SetLastError(ERROR_BAD_EXE_FORMAT);
- return FALSE;
+ goto Cleanup;
 }
 /* Initialize the process object attributes */
@@ -1112,10 +1124,9 @@
 NULL);
 if(!NT_SUCCESS(Status))
 {
- NtClose(hSection);
 DPRINT1("Unable to create process, status 0x%x\n", Status);
 SetLastErrorByStatus(Status);
- return FALSE;
+ goto Cleanup;
 }
 /* Set new class */
@@ -1125,11 +1136,9 @@
 sizeof(PROCESS_PRIORITY_CLASS));
 if(!NT_SUCCESS(Status))
 {
- NtClose(hProcess);
- NtClose(hSection);
 DPRINT1("Unable to set new process priority, status 0x%x\n", Status);
 SetLastErrorByStatus(Status);
- return FALSE;
+ goto Cleanup;
 }
/* Set Error Mode */ @@ -1146,9 +1155,15 @@ if (lpCurrentDirectory) { /* Allocate a buffer */ - CurrentDirectory = RtlAllocateHeap(GetProcessHeap(), + CurrentDirectory = RtlAllocateHeap(RtlGetProcessHeap(), 0, - MAX_PATH * sizeof(WCHAR) + 2); + (MAX_PATH + 1) * sizeof(WCHAR)); + if (CurrentDirectory == NULL) + { + DPRINT1("Cannot allocate memory for directory name\n"); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + goto Cleanup; + }
 /* Get the length */
 if (GetFullPathNameW(lpCurrentDirectory,
@@ -1158,7 +1173,7 @@
 {
 DPRINT1("Directory name too long\n");
 SetLastError(ERROR_DIRECTORY);
- return FALSE;
+ goto Cleanup;
 }
 }
@@ -1166,10 +1181,16 @@ if (QuotesNeeded || CmdLineIsAppName) { /* Allocate a buffer */ - QuotedCmdLine = RtlAllocateHeap(GetProcessHeap(), + QuotedCmdLine = RtlAllocateHeap(RtlGetProcessHeap(), 0, (wcslen(lpCommandLine) + 2 + 1) * sizeof(WCHAR)); + if (QuotedCmdLine == NULL) + { + DPRINT1("Cannot allocate memory for quoted command line\n"); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + goto Cleanup; + }
/* Copy the first quote */ wcscpy(QuotedCmdLine, L"""); @@ -1199,9 +1220,14 @@ { if (QuotedCmdLine == NULL) { - QuotedCmdLine = RtlAllocateHeap(GetProcessHeap(), + QuotedCmdLine = RtlAllocateHeap(RtlGetProcessHeap(), 0, (wcslen(lpCommandLine) + 1) * sizeof(WCHAR)); + if (QuotedCmdLine == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + goto Cleanup; + } wcscpy(QuotedCmdLine, lpCommandLine); }
@@ -1227,7 +1253,7 @@
 if(lpEnvironment && !(dwCreationFlags & CREATE_UNICODE_ENVIRONMENT))
 {
 lpEnvironment = BasepConvertUnicodeEnvironment(&EnvSize, lpEnvironment);
- if (!lpEnvironment) return FALSE;
+ if (!lpEnvironment) goto Cleanup;
 }
 /* Create Process Environment */
@@ -1254,7 +1280,7 @@
 {
 DPRINT1("Could not initialize Process Environment\n");
 SetLastErrorByStatus(Status);
- return FALSE;
+ goto Cleanup;
 }
 /* Close the section */
@@ -1276,7 +1302,7 @@
 if (!NT_SUCCESS(Status))
 {
 DPRINT1("Failed to read memory\n");
- return FALSE;
+ goto Cleanup;
 }
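Review bot: The failure exits that this hunk and the ones before it redirect to `Cleanup` now rely on `if (hSection) NtClose(hSection);` at the end of the function, and the lines under `/* Close the section */` that close the section on the normal path are outside the hunk; if they do not also set `hSection = NULL;`, every path that reaches `Cleanup` after that point, including the new `goto Cleanup` at @@ -1276 and @@ -1315, closes the handle a second time, and a second NtClose on a value the handle table has already recycled can close an unrelated handle. Worth confirming that the close is written as `NtClose(hSection); hSection = NULL;`. CreateProcessW starts and ends outside this hunk.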
/* Duplicate and write the handles */ @@ -1292,7 +1318,7 @@ }
/* Create the first thread */ - DPRINT("Creating thread for process (EntryPoint = 0x%.08x)\n", + DPRINT("Creating thread for process (EntryPoint = 0x%p)\n", SectionImageInfo.TransferAddress); hThread = BasepCreateFirstThread(hProcess, lpThreadAttributes, @@ -1302,7 +1328,8 @@ if (hThread == NULL) { DPRINT1("Could not create Initial Thread\n"); - return FALSE; + /* FIXME - set last error code */ + goto Cleanup; }
@@ -1315,7 +1342,7 @@
 {
 DPRINT1("CSR Notification Failed");
 SetLastErrorByStatus(Status);
- return FALSE;
+ goto Cleanup;
 }
if (!(dwCreationFlags & CREATE_SUSPENDED)) @@ -1328,16 +1355,18 @@ lpProcessInformation->dwThreadId = (DWORD)ClientId.UniqueThread; lpProcessInformation->hProcess = hProcess; lpProcessInformation->hThread = hThread; - DPRINT("hThread[%lx]: %lx inside hProcess[%lx]: %lx\n", hThread, + DPRINT("hThread[%p]: %p inside hProcess[%p]: %p\n", hThread, ClientId.UniqueThread, ClientId.UniqueProcess, hProcess); hProcess = hThread = NULL; - + Ret = TRUE; + +Cleanup: /* De-allocate heap strings */ - if (NameBuffer) RtlFreeHeap(GetProcessHeap(), 0, NameBuffer); + if (NameBuffer) RtlFreeHeap(RtlGetProcessHeap(), 0, NameBuffer); if (ApplicationName.Buffer) - RtlFreeHeap(GetProcessHeap(), 0, ApplicationName.Buffer); - if (CurrentDirectory) RtlFreeHeap(GetProcessHeap(), 0, CurrentDirectory); - if (QuotedCmdLine) RtlFreeHeap(GetProcessHeap(), 0, QuotedCmdLine); + RtlFreeHeap(RtlGetProcessHeap(), 0, ApplicationName.Buffer); + if (CurrentDirectory) RtlFreeHeap(RtlGetProcessHeap(), 0, CurrentDirectory); + if (QuotedCmdLine) RtlFreeHeap(RtlGetProcessHeap(), 0, QuotedCmdLine);
/* Kill any handles still alive */ if (hSection) NtClose(hSection); @@ -1350,7 +1379,7 @@ if (hProcess) NtClose(hProcess);
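Review bot: With the failure paths after the process has been created now funnelled to `Cleanup`, the block under `/* Kill any handles still alive */` closes `hProcess` and `hThread` but nothing in it terminates the child, so a failure in the memory read at @@ -1276 or the CSR notification at @@ -1315 leaves a half-initialised process behind unless something outside the hunk ends it. Since the success path falls through the same label (`Ret = TRUE;` is set just before it and `hProcess = hThread = NULL;` protects the handles handed back), the termination must be guarded by the result, e.g. `if (!Ret && hProcess) NtTerminateProcess(hProcess, STATUS_UNSUCCESSFUL);` ahead of the closes. A one-line comment at `Cleanup:` such as `/* success and failure share this block; Ret decides the return value */` would make that shared-path design explicit.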
 /* Return Success */
- return TRUE;
+ return Ret;
 }
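Review bot: The comment `/* Return Success */` above the new `return Ret;` is now wrong, since `Ret` is FALSE on every `goto Cleanup` path and TRUE only when the success path set it. Change it to `/* Return Ret: TRUE only when the success path above set it */`. The rest of CreateProcessW is outside this hunk.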
/* @@ -1498,9 +1527,9 @@ RtlFreeUnicodeString(&ApplicationName); RtlFreeUnicodeString(&LiveCommandLine); RtlFreeUnicodeString(&CurrentDirectory); - RtlFreeHeap(GetProcessHeap(), 0, StartupInfo.lpDesktop); - RtlFreeHeap(GetProcessHeap(), 0, StartupInfo.lpReserved); - RtlFreeHeap(GetProcessHeap(), 0, StartupInfo.lpTitle); + RtlFreeHeap(RtlGetProcessHeap(), 0, StartupInfo.lpDesktop); + RtlFreeHeap(RtlGetProcessHeap(), 0, StartupInfo.lpReserved); + RtlFreeHeap(RtlGetProcessHeap(), 0, StartupInfo.lpTitle);
/* Return what Unicode did */ return bRetVal; _____
Modified: trunk/reactos/lib/kernel32/process/proc.c --- trunk/reactos/lib/kernel32/process/proc.c 2005-12-11 20:22:21 UTC (rev 20080) +++ trunk/reactos/lib/kernel32/process/proc.c 2005-12-11 21:12:22 UTC (rev 20081) @@ -489,12 +489,19 @@
RtlAcquirePebLock ();
+ /* FIXME - not thread-safe */ if (lpLocalStartupInfo == NULL) { /* create new local startup info (ansi) */ lpLocalStartupInfo = RtlAllocateHeap (RtlGetProcessHeap (), 0, sizeof(STARTUPINFOA)); + if (lpLocalStartupInfo == NULL) + { + RtlReleasePebLock (); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return; + }
lpLocalStartupInfo->cb = sizeof(STARTUPINFOA);
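Review bot: The added `/* FIXME - not thread-safe */` sits directly after `RtlAcquirePebLock ();`, so a reader cannot tell what the lock fails to cover; if the concern is that the static `lpLocalStartupInfo` is used by callers after the lock is released (inferred, the function's remainder is outside the hunk), say so, e.g. `/* FIXME - the PEB lock only guards creation of lpLocalStartupInfo, not its later use */`, otherwise drop the comment. The new out-of-memory branch correctly releases the lock before `SetLastError(ERROR_NOT_ENOUGH_MEMORY)` and `return;`; since the function is void, that last error is the only signal the caller gets and its output structure is left untouched, which belongs in the function's header comment.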