[OpenWrt-Devel] [PATCH] [package] libubox: fix segment fault for out-of-memory

ewolfok ewolfok at 126.com
Tue Jul 8 09:43:58 EDT 2014


HI, all

this is a patch try to fix libubox's segment fault for out-of-memory

Best regards

Signed-off-by:Chen Bin <ewolfok at 126.com>
---
diff --git a/blob.c b/blob.c
index 10c1f49..ec8617b 100644
--- a/blob.c
+++ b/blob.c
@@ -21,12 +21,15 @@
 static bool
 blob_buffer_grow(struct blob_buf *buf, int minlen)
 {
+	struct blob_buf *new;
 	int delta = ((minlen / 256) + 1) * 256;
-	buf->buflen += delta;
-	buf->buf = realloc(buf->buf, buf->buflen);
-	if (buf->buf)
-		memset(buf->buf + buf->buflen - delta, 0, delta);
-	return !!buf->buf;
+	new = realloc(buf->buf, buf->buflen + delta);
+	if (new) {
+		buf->buf = new;
+		memset(buf->buf + buf->buflen, 0, delta);
+		buf->buflen += delta;
+	}
+	return !!new;
 }
 
 static void
@@ -50,15 +53,16 @@ attr_to_offset(struct blob_buf *buf, struct blob_attr *attr)
 	return (char *)attr - (char *) buf->buf + BLOB_COOKIE;
 }
 
-void
+bool
 blob_buf_grow(struct blob_buf *buf, int required)
 {
 	int offset_head = attr_to_offset(buf, buf->head);
 
 	if (!buf->grow || !buf->grow(buf, required))
-		return;
+		return false;
 
 	buf->head = offset_to_attr(buf, offset_head);
+	return true;
 }
 
 static struct blob_attr *
@@ -69,7 +73,8 @@ blob_add(struct blob_buf *buf, struct blob_attr *pos, int id, int payload)
 	struct blob_attr *attr;
 
 	if (required > 0) {
-		blob_buf_grow(buf, required);
+		if (!blob_buf_grow(buf, required))
+			return NULL;
 		attr = offset_to_attr(buf, offset);
 	} else {
 		attr = pos;
@@ -142,6 +147,8 @@ blob_put_raw(struct blob_buf *buf, const void *ptr, unsigned int len)
 		return NULL;
 
 	attr = blob_add(buf, blob_next(buf->head), 0, len - sizeof(struct blob_attr));
+	if (!attr)
+		return NULL;
 	blob_set_raw_len(buf->head, blob_pad_len(buf->head) + len);
 	memcpy(attr, ptr, len);
 	return attr;
@@ -166,6 +173,8 @@ blob_nest_start(struct blob_buf *buf, int id)
 {
 	unsigned long offset = attr_to_offset(buf, buf->head);
 	buf->head = blob_new(buf, id, 0);
+	if (!buf->head)
+		return NULL;
 	return (void *) offset;
 }
 
diff --git a/blobmsg.c b/blobmsg.c
index f317152..ce9e4dd 100644
--- a/blobmsg.c
+++ b/blobmsg.c
@@ -212,6 +212,8 @@ blobmsg_open_nested(struct blob_buf *buf, const char *name, bool array)
 		name = "";
 
 	head = blobmsg_new(buf, type, name, 0, &data);
+	if (!head)
+		return NULL;
 	blob_set_raw_len(buf->head, blob_pad_len(buf->head) - blobmsg_hdrlen(strlen(name)));
 	buf->head = head;
 	return (void *)offset;
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list