Browse code
fix memory errors in new code (bb#793)
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Sun Jan 27 20:09:35 CET 2008 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav/cab.c: fix memory errors in new code (bb#793) |
|
| 4 |
+ |
|
| 1 | 5 |
Sat Jan 26 20:03:30 CET 2008 (acab) |
| 2 | 6 |
----------------------------------- |
| 3 | 7 |
* libclamav/pdf.c: Zip module failure in pdf files - bb#617 |
| ... | ... |
@@ -161,15 +161,17 @@ void cab_free(struct cab_archive *cab) |
| 161 | 161 |
|
| 162 | 162 |
|
| 163 | 163 |
if(cab->state) {
|
| 164 |
- switch(cab->state->cmethod & 0x000f) {
|
|
| 165 |
- case 0x0001: |
|
| 166 |
- mszip_free(cab->state->stream); |
|
| 167 |
- break; |
|
| 168 |
- case 0x0002: |
|
| 169 |
- qtm_free(cab->state->stream); |
|
| 170 |
- break; |
|
| 171 |
- case 0x0003: |
|
| 172 |
- lzx_free(cab->state->stream); |
|
| 164 |
+ if(cab->state->stream) {
|
|
| 165 |
+ switch(cab->state->cmethod & 0x000f) {
|
|
| 166 |
+ case 0x0001: |
|
| 167 |
+ mszip_free(cab->state->stream); |
|
| 168 |
+ break; |
|
| 169 |
+ case 0x0002: |
|
| 170 |
+ qtm_free(cab->state->stream); |
|
| 171 |
+ break; |
|
| 172 |
+ case 0x0003: |
|
| 173 |
+ lzx_free(cab->state->stream); |
|
| 174 |
+ } |
|
| 173 | 175 |
} |
| 174 | 176 |
free(cab->state); |
| 175 | 177 |
} |
| ... | ... |
@@ -604,19 +606,21 @@ static int cab_unstore(struct cab_file *file, int bytes) |
| 604 | 604 |
#define CAB_CHGFOLDER \ |
| 605 | 605 |
if(!file->cab->actfol || (file->folder != file->cab->actfol)) { \
|
| 606 | 606 |
if(file->cab->state) { \
|
| 607 |
- switch(file->cab->state->cmethod & 0x000f) { \
|
|
| 608 |
- case 0x0001: \ |
|
| 609 |
- mszip_free(file->cab->state->stream); \ |
|
| 610 |
- break; \ |
|
| 611 |
- case 0x0002: \ |
|
| 612 |
- qtm_free(file->cab->state->stream); \ |
|
| 613 |
- break; \ |
|
| 614 |
- case 0x0003: \ |
|
| 615 |
- lzx_free(file->cab->state->stream); \ |
|
| 607 |
+ if(file->cab->state->stream) { \
|
|
| 608 |
+ switch(file->cab->state->cmethod & 0x000f) { \
|
|
| 609 |
+ case 0x0001: \ |
|
| 610 |
+ mszip_free(file->cab->state->stream); \ |
|
| 611 |
+ break; \ |
|
| 612 |
+ case 0x0002: \ |
|
| 613 |
+ qtm_free(file->cab->state->stream); \ |
|
| 614 |
+ break; \ |
|
| 615 |
+ case 0x0003: \ |
|
| 616 |
+ lzx_free(file->cab->state->stream); \ |
|
| 617 |
+ } \ |
|
| 616 | 618 |
} \ |
| 617 | 619 |
free(file->cab->state); \ |
| 620 |
+ file->cab->state = NULL; \ |
|
| 618 | 621 |
} \ |
| 619 |
- file->cab->actfol = file->folder; \ |
|
| 620 | 622 |
if(lseek(file->fd, file->folder->offset, SEEK_SET) == -1) { \
|
| 621 | 623 |
cli_dbgmsg("cab_extract: Can't lseek to %u\n", (unsigned int) file->folder->offset); \
|
| 622 | 624 |
return CL_EFORMAT; /* truncated file? */ \ |
| ... | ... |
@@ -638,10 +642,10 @@ static int cab_unstore(struct cab_file *file, int bytes) |
| 638 | 638 |
file->cab->state->stream = (struct lzx_stream *) lzx_init(file->fd, file->ofd, (int) (file->folder->cmethod >> 8) & 0x1f, 0, 4096, 0, file, &cab_read); \ |
| 639 | 639 |
} \ |
| 640 | 640 |
if((file->folder->cmethod & 0x000f) && !file->cab->state->stream) { \
|
| 641 |
- free(file->cab->state); \ |
|
| 642 | 641 |
close(file->ofd); \ |
| 643 | 642 |
return CL_EMSCAB; \ |
| 644 | 643 |
} \ |
| 644 |
+ file->cab->actfol = file->folder; \ |
|
| 645 | 645 |
} |
| 646 | 646 |
|
| 647 | 647 |
|
| ... | ... |
@@ -663,7 +667,6 @@ int cab_extract(struct cab_file *file, const char *name) |
| 663 | 663 |
file->ofd = open(name, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, S_IRWXU); |
| 664 | 664 |
if(file->ofd == -1) {
|
| 665 | 665 |
cli_errmsg("cab_extract: Can't open file %s in write mode\n", name);
|
| 666 |
- free(file->cab->state); |
|
| 667 | 666 |
return CL_EIO; |
| 668 | 667 |
} |
| 669 | 668 |
|