Browse code
Fix possible memory leak, and add more sanity checks.
| ... | ... |
@@ -1,3 +1,6 @@ |
| 1 |
+Sat Feb 17 11:20:17 CET 2007 (edwin) |
|
| 2 |
+ * libclamav/rtf.c: Fix possible memory leak, and add more sanity checks. |
|
| 3 |
+ |
|
| 1 | 4 |
Sat Feb 17 02:34:17 CET 2007 (acab) |
| 2 | 5 |
----------------------------------- |
| 3 | 6 |
* libclamav/rtf.c: Don't spin on on cli_readn (bb#312) - patch from Edvin |
| ... | ... |
@@ -190,7 +190,7 @@ static int pop_state(struct stack* stack,struct rtf_state* state) |
| 190 | 190 |
} |
| 191 | 191 |
if(!stack->stack_cnt) {
|
| 192 | 192 |
if(!stack->warned) {
|
| 193 |
- cli_dbgmsg("Warning: attempt to pop from empty stack!\n");
|
|
| 193 |
+ cli_dbgmsg("Warning: attempt to pop from empty stack!\n");
|
|
| 194 | 194 |
stack->warned = 1; |
| 195 | 195 |
} |
| 196 | 196 |
*state = base_state;/* lets assume we give it a base state */ |
| ... | ... |
@@ -482,15 +482,17 @@ static void rtf_action(struct rtf_state* state,long action) |
| 482 | 482 |
|
| 483 | 483 |
static void cleanup_stack(struct stack* stack,struct rtf_state* state,cli_ctx* ctx) |
| 484 | 484 |
{
|
| 485 |
- while(stack && stack->stack_cnt && state->default_elements) {
|
|
| 485 |
+ while(stack && stack->stack_cnt /* && state->default_elements*/) {
|
|
| 486 | 486 |
pop_state(stack,state); |
| 487 |
- if(state->cb_begin) |
|
| 487 |
+ if(state->cb_data && state->cb_end) |
|
| 488 | 488 |
state->cb_end(state,ctx); |
| 489 | 489 |
} |
| 490 | 490 |
} |
| 491 | 491 |
|
| 492 | 492 |
|
| 493 | 493 |
#define SCAN_CLEANUP \ |
| 494 |
+ if(state.cb_data && state.cb_end)\ |
|
| 495 |
+ state.cb_end(&state,ctx);\ |
|
| 494 | 496 |
tableDestroy(actiontable);\ |
| 495 | 497 |
cleanup_stack(&stack,&state,ctx);\ |
| 496 | 498 |
free(buff);\ |
| ... | ... |
@@ -573,7 +575,7 @@ int cli_scanrtf(int desc, cli_ctx *ctx) |
| 573 | 573 |
} |
| 574 | 574 |
break; |
| 575 | 575 |
case '}': |
| 576 |
- if(state.cb_data) |
|
| 576 |
+ if(state.cb_data && state.cb_end) |
|
| 577 | 577 |
if(( ret = state.cb_end(&state, ctx) )) {
|
| 578 | 578 |
SCAN_CLEANUP; |
| 579 | 579 |
return ret; |
| ... | ... |
@@ -673,8 +675,14 @@ int cli_scanrtf(int desc, cli_ctx *ctx) |
| 673 | 673 |
|
| 674 | 674 |
state.controlword[state.controlword_cnt] = '\0'; |
| 675 | 675 |
action = tableFind(actiontable, state.controlword); |
| 676 |
- if(action != -1) |
|
| 676 |
+ if(action != -1) {
|
|
| 677 |
+ if(state.cb_data && state.cb_end) {/* premature end of previous block */
|
|
| 678 |
+ state.cb_end(&state,ctx); |
|
| 679 |
+ state.cb_end = NULL; |
|
| 680 |
+ state.cb_data = NULL; |
|
| 681 |
+ } |
|
| 677 | 682 |
rtf_action(&state,action); |
| 683 |
+ } |
|
| 678 | 684 |
state.parse_state = PARSE_MAIN; |
| 679 | 685 |
break; |
| 680 | 686 |
} |