Bug Summary

File:src/mod/xml_int/mod_xml_rpc/../../../../libs/xmlrpc-c/lib/libutil/memblock.c
Location:line 90, column 5
Description:Access to field '_block' results in a dereference of a null pointer (loaded from variable 'blockP')

Annotated Source Code

1/* Copyright information is at end of file */
2#include "xmlrpc_config.h"
3
4#include <stdlib.h>
5#include <stdio.h>
6#include <string.h>
7#include <ctype.h>
8
9#include "mallocvar.h"
10#include "xmlrpc-c/util_int.h"
11#include "xmlrpc-c/util.h"
12
13#ifdef EFENCE
14 /* when looking for corruption don't allocate extra slop */
15#define BLOCK_ALLOC_MIN(16) (1)
16#else
17#define BLOCK_ALLOC_MIN(16) (16)
18#endif
19#define BLOCK_ALLOC_MAX(128 * 1024 * 1024) (128 * 1024 * 1024)
20
21
22xmlrpc_mem_block *
23xmlrpc_mem_block_new(xmlrpc_env * const envP,
24 size_t const size) {
25
26 xmlrpc_mem_block * block;
27
28 XMLRPC_ASSERT_ENV_OK(envP)do if (!((envP) != ((void*)0) && (envP->fault_string
== ((void*)0)) && !(envP)->fault_occurred)) xmlrpc_assertion_failed
("../../../../libs/xmlrpc-c/lib/libutil/memblock.c", 28); while
(0);
29
30 MALLOCVAR(block)block = malloc(sizeof(*block));
31
32 if (block == NULL((void*)0))
33 xmlrpc_faultf(envP, "Can't allocate memory block");
34 else {
35 xmlrpc_mem_block_init(envP, block, size);
36
37 if (envP->fault_occurred) {
38 free(block);
39 block = NULL((void*)0);
40 }
41 }
42 return block;
43}
44
45
46
47/* Destroy an existing xmlrpc_mem_block, and everything it contains. */
48void
49xmlrpc_mem_block_free(xmlrpc_mem_block * const blockP) {
50
51 XMLRPC_ASSERT(blockP != NULL)do if (!(blockP != ((void*)0))) xmlrpc_assertion_failed("../../../../libs/xmlrpc-c/lib/libutil/memblock.c"
, 51); while (0);
52 XMLRPC_ASSERT(blockP->_block != NULL)do if (!(blockP->_block != ((void*)0))) xmlrpc_assertion_failed
("../../../../libs/xmlrpc-c/lib/libutil/memblock.c", 52); while
(0);
53
54 xmlrpc_mem_block_clean(blockP);
55 free(blockP);
56}
57
58
59
60/* Initialize the contents of the provided xmlrpc_mem_block. */
61void
62xmlrpc_mem_block_init(xmlrpc_env * const envP,
63 xmlrpc_mem_block * const blockP,
64 size_t const size) {
65
66 XMLRPC_ASSERT_ENV_OK(envP)do if (!((envP) != ((void*)0) && (envP->fault_string
== ((void*)0)) && !(envP)->fault_occurred)) xmlrpc_assertion_failed
("../../../../libs/xmlrpc-c/lib/libutil/memblock.c", 66); while
(0);
67 XMLRPC_ASSERT(blockP != NULL)do if (!(blockP != ((void*)0))) xmlrpc_assertion_failed("../../../../libs/xmlrpc-c/lib/libutil/memblock.c"
, 67); while (0);
68
69 blockP->_size = size;
70 if (size < BLOCK_ALLOC_MIN(16))
71 blockP->_allocated = BLOCK_ALLOC_MIN(16);
72 else
73 blockP->_allocated = size;
74
75 blockP->_block = (void*) malloc(blockP->_allocated);
76 if (!blockP->_block)
77 xmlrpc_faultf(envP, "Can't allocate %u-byte memory block",
78 (unsigned)blockP->_allocated);
79}
80
81
82
83/* Deallocate the contents of the provided xmlrpc_mem_block, but not
84 the block itself.
85*/
86void
87xmlrpc_mem_block_clean(xmlrpc_mem_block * const blockP) {
88
89 XMLRPC_ASSERT(blockP != NULL)do if (!(blockP != ((void*)0))) xmlrpc_assertion_failed("../../../../libs/xmlrpc-c/lib/libutil/memblock.c"
, 89); while (0);
1
Within the expansion of the macro 'XMLRPC_ASSERT':
a
Assuming 'blockP' is equal to null
90 XMLRPC_ASSERT(blockP->_block != NULL)do if (!(blockP->_block != ((void*)0))) xmlrpc_assertion_failed
("../../../../libs/xmlrpc-c/lib/libutil/memblock.c", 90); while
(0);
2
Within the expansion of the macro 'XMLRPC_ASSERT':
a
Access to field '_block' results in a dereference of a null pointer (loaded from variable 'blockP')
91
92 free(blockP->_block);
93 blockP->_block = XMLRPC_BAD_POINTER((void*) 0xDEADBEEF);
94}
95
96
97
98/* Get the size of the xmlrpc_mem_block. */
99size_t
100xmlrpc_mem_block_size(const xmlrpc_mem_block * const blockP) {
101
102 XMLRPC_ASSERT(blockP != NULL)do if (!(blockP != ((void*)0))) xmlrpc_assertion_failed("../../../../libs/xmlrpc-c/lib/libutil/memblock.c"
, 102); while (0);
103 return blockP->_size;
104}
105
106
107
108/* Get the contents of the xmlrpc_mem_block. */
109void *
110xmlrpc_mem_block_contents(const xmlrpc_mem_block * const blockP) {
111
112 XMLRPC_ASSERT(blockP != NULL)do if (!(blockP != ((void*)0))) xmlrpc_assertion_failed("../../../../libs/xmlrpc-c/lib/libutil/memblock.c"
, 112); while (0);
113 return blockP->_block;
114}
115
116
117
118/* Resize an xmlrpc_mem_block, preserving as much of the contents as
119 possible.
120*/
121void
122xmlrpc_mem_block_resize (xmlrpc_env * const envP,
123 xmlrpc_mem_block * const blockP,
124 size_t const size) {
125
126 size_t proposed_alloc;
127 void* new_block;
128
129 XMLRPC_ASSERT_ENV_OK(envP)do if (!((envP) != ((void*)0) && (envP->fault_string
== ((void*)0)) && !(envP)->fault_occurred)) xmlrpc_assertion_failed
("../../../../libs/xmlrpc-c/lib/libutil/memblock.c", 129); while
(0);
130 XMLRPC_ASSERT(blockP != NULL)do if (!(blockP != ((void*)0))) xmlrpc_assertion_failed("../../../../libs/xmlrpc-c/lib/libutil/memblock.c"
, 130); while (0);
131
132 /* Check to see if we already have enough space. Maybe we'll get lucky. */
133 if (size <= blockP->_allocated) {
134 blockP->_size = size;
135 return;
136 }
137
138 /* Calculate a new allocation size. */
139#ifdef EFENCE
140 proposed_alloc = size;
141#else
142 proposed_alloc = blockP->_allocated;
143 while (proposed_alloc < size && proposed_alloc <= BLOCK_ALLOC_MAX(128 * 1024 * 1024))
144 proposed_alloc *= 2;
145#endif /* DEBUG_MEM_ERRORS */
146
147 if (proposed_alloc > BLOCK_ALLOC_MAX(128 * 1024 * 1024))
148 XMLRPC_FAIL(envP, XMLRPC_INTERNAL_ERROR, "Memory block too large")do { xmlrpc_env_set_fault((envP),((-500)),("Memory block too large"
)); goto cleanup; } while (0);
149
150 /* Allocate our new memory block. */
151 new_block = (void*) malloc(proposed_alloc);
152 XMLRPC_FAIL_IF_NULL(new_block, envP, XMLRPC_INTERNAL_ERROR,do { if ((new_block) == ((void*)0)) do { xmlrpc_env_set_fault
(((envP)),(((-500))),(("Can't resize memory block"))); goto cleanup
; } while (0); } while (0)
153 "Can't resize memory block")do { if ((new_block) == ((void*)0)) do { xmlrpc_env_set_fault
(((envP)),(((-500))),(("Can't resize memory block"))); goto cleanup
; } while (0); } while (0);
154
155 /* Copy over our data and update the xmlrpc_mem_block struct. */
156 memcpy(new_block, blockP->_block, blockP->_size);
157 free(blockP->_block);
158 blockP->_block = new_block;
159 blockP->_size = size;
160 blockP->_allocated = proposed_alloc;
161
162 cleanup:
163 return;
164}
165
166
167
168void
169xmlrpc_mem_block_append(xmlrpc_env * const envP,
170 xmlrpc_mem_block * const blockP,
171 const void * const data,
172 size_t const len) {
173
174 size_t const originalSize = blockP->_size;
175
176 XMLRPC_ASSERT_ENV_OK(envP)do if (!((envP) != ((void*)0) && (envP->fault_string
== ((void*)0)) && !(envP)->fault_occurred)) xmlrpc_assertion_failed
("../../../../libs/xmlrpc-c/lib/libutil/memblock.c", 176); while
(0);
177 XMLRPC_ASSERT(blockP != NULL)do if (!(blockP != ((void*)0))) xmlrpc_assertion_failed("../../../../libs/xmlrpc-c/lib/libutil/memblock.c"
, 177); while (0);
178
179 xmlrpc_mem_block_resize(envP, blockP, originalSize + len);
180 if (!envP->fault_occurred) {
181 memcpy(((unsigned char*) blockP->_block) + originalSize, data, len);
182 }
183}
184
185
186
187/* Copyright (C) 2001 by First Peer, Inc. All rights reserved.
188**
189** Redistribution and use in source and binary forms, with or without
190** modification, are permitted provided that the following conditions
191** are met:
192** 1. Redistributions of source code must retain the above copyright
193** notice, this list of conditions and the following disclaimer.
194** 2. Redistributions in binary form must reproduce the above copyright
195** notice, this list of conditions and the following disclaimer in the
196** documentation and/or other materials provided with the distribution.
197** 3. The name of the author may not be used to endorse or promote products
198** derived from this software without specific prior written permission.
199**
200** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
201** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
202** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
203** ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
204** FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
205** DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
206** OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
207** HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
208** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
209** OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
210** SUCH DAMAGE.
211*/