git-svn: trunk@2759
Török Edvin authored on 2007/02/18 04:23:39... | ... |
@@ -1,3 +1,6 @@ |
1 |
+Sat Feb 17 11:20:17 CET 2007 (edwin) |
|
2 |
+ * libclamav/rtf.c: Fix possible memory leak, and add more sanity checks. |
|
3 |
+ |
|
1 | 4 |
Sat Feb 17 02:34:17 CET 2007 (acab) |
2 | 5 |
----------------------------------- |
3 | 6 |
* libclamav/rtf.c: Don't spin on on cli_readn (bb#312) - patch from Edvin |
... | ... |
@@ -190,7 +190,7 @@ static int pop_state(struct stack* stack,struct rtf_state* state) |
190 | 190 |
} |
191 | 191 |
if(!stack->stack_cnt) { |
192 | 192 |
if(!stack->warned) { |
193 |
- cli_dbgmsg("Warning: attempt to pop from empty stack!\n"); |
|
193 |
+ cli_dbgmsg("Warning: attempt to pop from empty stack!\n"); |
|
194 | 194 |
stack->warned = 1; |
195 | 195 |
} |
196 | 196 |
*state = base_state;/* lets assume we give it a base state */ |
... | ... |
@@ -482,15 +482,17 @@ static void rtf_action(struct rtf_state* state,long action) |
482 | 482 |
|
483 | 483 |
static void cleanup_stack(struct stack* stack,struct rtf_state* state,cli_ctx* ctx) |
484 | 484 |
{ |
485 |
- while(stack && stack->stack_cnt && state->default_elements) { |
|
485 |
+ while(stack && stack->stack_cnt /* && state->default_elements*/) { |
|
486 | 486 |
pop_state(stack,state); |
487 |
- if(state->cb_begin) |
|
487 |
+ if(state->cb_data && state->cb_end) |
|
488 | 488 |
state->cb_end(state,ctx); |
489 | 489 |
} |
490 | 490 |
} |
491 | 491 |
|
492 | 492 |
|
493 | 493 |
#define SCAN_CLEANUP \ |
494 |
+ if(state.cb_data && state.cb_end)\ |
|
495 |
+ state.cb_end(&state,ctx);\ |
|
494 | 496 |
tableDestroy(actiontable);\ |
495 | 497 |
cleanup_stack(&stack,&state,ctx);\ |
496 | 498 |
free(buff);\ |
... | ... |
@@ -573,7 +575,7 @@ int cli_scanrtf(int desc, cli_ctx *ctx) |
573 | 573 |
} |
574 | 574 |
break; |
575 | 575 |
case '}': |
576 |
- if(state.cb_data) |
|
576 |
+ if(state.cb_data && state.cb_end) |
|
577 | 577 |
if(( ret = state.cb_end(&state, ctx) )) { |
578 | 578 |
SCAN_CLEANUP; |
579 | 579 |
return ret; |
... | ... |
@@ -673,8 +675,14 @@ int cli_scanrtf(int desc, cli_ctx *ctx) |
673 | 673 |
|
674 | 674 |
state.controlword[state.controlword_cnt] = '\0'; |
675 | 675 |
action = tableFind(actiontable, state.controlword); |
676 |
- if(action != -1) |
|
676 |
+ if(action != -1) { |
|
677 |
+ if(state.cb_data && state.cb_end) {/* premature end of previous block */ |
|
678 |
+ state.cb_end(&state,ctx); |
|
679 |
+ state.cb_end = NULL; |
|
680 |
+ state.cb_data = NULL; |
|
681 |
+ } |
|
677 | 682 |
rtf_action(&state,action); |
683 |
+ } |
|
678 | 684 |
state.parse_state = PARSE_MAIN; |
679 | 685 |
break; |
680 | 686 |
} |
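Review bot: The premature-end branch added to cli_scanrtf (new lines 677-681) discards the return value of `state.cb_end(&state,ctx)`, whereas the `'}'` case in the earlier hunk treats a non-zero return as a reason to run SCAN_CLEANUP and return it. If that value carries a scan result or an error, as the `'}'` handling suggests, the result for a block that ends prematurely is silently dropped; the call added to SCAN_CLEANUP ignores it in the same way. Separately, in the `'}'` error path SCAN_CLEANUP now runs immediately after cb_end was already called on the same state, so unless the callback clears `state.cb_data` itself (its body is not visible here) it is invoked twice on the same data. Clearing both pointers before any cleanup, as this branch already does, avoids that. cli_scanrtf begins and ends outside these hunks, and `ret` is assumed to be the variable the `'}'` case already uses.

```c
if(action != -1) {
    if(state.cb_data && state.cb_end) {/* premature end of previous block */
        ret = state.cb_end(&state,ctx);
        /* clear first so SCAN_CLEANUP does not run the callback a second time */
        state.cb_end = NULL;
        state.cb_data = NULL;
        if(ret) {
            SCAN_CLEANUP;
            return ret;
        }
    }
    rtf_action(&state,action);
}
/* … unchanged: state.parse_state = PARSE_MAIN; break; … */
```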