Bug Summary

File:libs/sofia-sip/libsofia-sip-ua/nta/sl_read_payload.c
Location:line 114, column 5
Description:Potential leak of memory pointed to by 'buf'

Annotated Source Code

1/*
2 * This file is part of the Sofia-SIP package
3 *
4 * Copyright (C) 2005 Nokia Corporation.
5 *
6 * Contact: Pekka Pessi <pekka.pessi@nokia.com>
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
21 * 02110-1301 USA
22 *
23 */
24
25/**@ingroup sl_utils
26 * @CFILE sl_read_payload.c
27 *
28 * @brief Functions for reading SIP message payload from a file.
29 *
30 * @author Pekka Pessi <Pekka.Pessi@nokia.com>
31 *
32 * @date Created: Thu Sep 5 00:44:34 2002 ppessi
33 */
34
35#include "config.h"
36
37#include <stdio.h>
38#include <stdlib.h>
39#include <string.h>
40#include <errno(*__errno_location ()).h>
41
42#include <sofia-sip/sip_header.h>
43
44#include <sofia-sip/sl_utils.h>
45
46/** Read payload from named file.
47 *
48 * The function sl_read_payload() reads the contents to a SIP payload
49 * structure from a the named file. If @a fname is NULL, the payload
50 * contents are read from standard input.
51 */
52sip_payload_t *sl_read_payload(su_home_t *home, char const *fname)
53{
54 FILE *f;
55 sip_payload_t *pl;
56
57 if (fname == NULL((void*)0) || strcmp(fname, "-")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(fname) && __builtin_constant_p ("-") && (__s1_len
= __builtin_strlen (fname), __s2_len = __builtin_strlen ("-"
), (!((size_t)(const void *)((fname) + 1) - (size_t)(const void
*)(fname) == 1) || __s1_len >= 4) && (!((size_t)(
const void *)(("-") + 1) - (size_t)(const void *)("-") == 1) ||
__s2_len >= 4)) ? __builtin_strcmp (fname, "-") : (__builtin_constant_p
(fname) && ((size_t)(const void *)((fname) + 1) - (size_t
)(const void *)(fname) == 1) && (__s1_len = __builtin_strlen
(fname), __s1_len < 4) ? (__builtin_constant_p ("-") &&
((size_t)(const void *)(("-") + 1) - (size_t)(const void *)(
"-") == 1) ? __builtin_strcmp (fname, "-") : (__extension__ (
{ const unsigned char *__s2 = (const unsigned char *) (const char
*) ("-"); int __result = (((const unsigned char *) (const char
*) (fname))[0] - __s2[0]); if (__s1_len > 0 && __result
== 0) { __result = (((const unsigned char *) (const char *) (
fname))[1] - __s2[1]); if (__s1_len > 1 && __result
== 0) { __result = (((const unsigned char *) (const char *) (
fname))[2] - __s2[2]); if (__s1_len > 2 && __result
== 0) __result = (((const unsigned char *) (const char *) (fname
))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p (
"-") && ((size_t)(const void *)(("-") + 1) - (size_t)
(const void *)("-") == 1) && (__s2_len = __builtin_strlen
("-"), __s2_len < 4) ? (__builtin_constant_p (fname) &&
((size_t)(const void *)((fname) + 1) - (size_t)(const void *
)(fname) == 1) ? __builtin_strcmp (fname, "-") : (- (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) (fname); int __result = (((const unsigned char *) (const
char *) ("-"))[0] - __s2[0]); if (__s2_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) ("-"))[1] - __s2[1]); if (__s2_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) ("-"))[2] - __s2[2]); if (__s2_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) ("-"))[3] - __s2[3]); } } __result; })))) : __builtin_strcmp
(fname, "-")))); }) == 0)
58 f = stdinstdin, fname = "<stdin>";
59 else
60 f = fopen(fname, "rb");
61
62 if (f == NULL((void*)0))
63 return NULL((void*)0);
64
65 pl = sl_fread_payload(home, f);
66 if (f != stdinstdin)
67 fclose(f);
68
69 return pl;
70}
71
72sip_payload_t *sl_fread_payload(su_home_t *home, FILE *f)
73{
74 sip_payload_t *pl;
75 size_t n;
76 char *buf;
77 char const *who;
78 size_t used, size;
79
80 if (f == NULL((void*)0)) {
1
Assuming 'f' is not equal to null
2
Taking false branch
81 errno(*__errno_location ()) = EINVAL22;
82 return NULL((void*)0);
83 }
84
85 pl = sip_payload_create(home, NULL((void*)0), 0);
86
87 if (pl == NULL((void*)0))
3
Assuming 'pl' is not equal to null
4
Taking false branch
88 return NULL((void*)0);
89
90 /* Read block by block */
91 used = 0;
92 size = 4096;
93 buf = malloc(size);
5
Memory is allocated
94 who = "sl_fread_payload: malloc";
95
96 while (buf) {
6
Loop condition is true. Entering loop body
12
Loop condition is false. Execution continues on line 113
97 n = fread(buf + used, 1, size - used, f);
98 used += n;
99 if (n < size - used) {
7
Taking false branch
100 if (feof(f))
101 ;
102 else if (ferror(f)) {
103 free(buf); buf = NULL((void*)0);
104 who = "sl_fread_payload: fread";
105 }
106 break;
107 }
108 buf = realloc(buf, size = 2 * size);
8
Attempt to reallocate memory
109 if (buf == NULL((void*)0))
9
Assuming 'buf' is equal to null
10
Reallocation failed
11
Taking true branch
110 who = "sl_fread_payload: realloc";
111 }
112
113 if (buf == NULL((void*)0)) {
13
Taking true branch
114 perror(who);
14
Potential leak of memory pointed to by 'buf'
115 su_free(home, pl);
116 return NULL((void*)0);
117 }
118
119 if (used < size)
120 buf[used] = '\0';
121
122 pl->pl_common->h_data = pl->pl_data = buf;
123 pl->pl_common->h_len = pl->pl_len = used;
124
125 return pl;
126}