From e30d1c0f47ad2767786cceff88476e349200c0fa Mon Sep 17 00:00:00 2001
From: Zhang Zhaolong <zhangzl2013@126.com>
Date: Wed, 11 Mar 2015 14:59:56 +0800
Subject: [PATCH] libwinpr: fix incorrect usage of realloc.

Signed-off-by: Zhang Zhaolong <zhangzl2013@126.com>
---
 winpr/libwinpr/environment/environment.c      | 28 ++++++++--
 .../libwinpr/utils/collections/MessageQueue.c |  5 +-
 winpr/libwinpr/utils/collections/ObjectPool.c | 11 +++-
 winpr/libwinpr/utils/collections/PubSub.c     | 11 +++-
 winpr/libwinpr/utils/collections/Reference.c  | 11 +++-
 winpr/libwinpr/utils/collections/Stack.c      | 11 +++-
 winpr/libwinpr/utils/collections/StreamPool.c | 55 +++++++++++++++----
 winpr/libwinpr/utils/ini.c                    | 22 ++++++--
 winpr/libwinpr/utils/stream.c                 | 11 ++--
 9 files changed, 132 insertions(+), 33 deletions(-)

diff --git a/winpr/libwinpr/environment/environment.c b/winpr/libwinpr/environment/environment.c
index 921736a79..6cafafc90 100644
--- a/winpr/libwinpr/environment/environment.c
+++ b/winpr/libwinpr/environment/environment.c
@@ -230,6 +230,8 @@ LPCH GetEnvironmentStrings(VOID)
 
 	cchEnvironmentBlock = 128;
 	lpszEnvironmentBlock = (LPCH) malloc(cchEnvironmentBlock * sizeof(CHAR));
+	if (!lpszEnvironmentBlock)
+		return NULL;
 
 	while (*envp)
 	{
@@ -237,8 +239,19 @@ LPCH GetEnvironmentStrings(VOID)
 
 		while ((offset + length + 8) > cchEnvironmentBlock)
 		{
-			cchEnvironmentBlock *= 2;
-			lpszEnvironmentBlock = (LPCH) realloc(lpszEnvironmentBlock, cchEnvironmentBlock * sizeof(CHAR));
+			DWORD new_size;
+			LPCH new_blk;
+
+			new_size = cchEnvironmentBlock * 2;
+			new_blk = (LPCH) realloc(lpszEnvironmentBlock, new_size * sizeof(CHAR));
+			if (!new_blk)
+			{
+				free(lpszEnvironmentBlock);
+				return NULL;
+			}
+
+			lpszEnvironmentBlock = new_blk;
+			cchEnvironmentBlock = new_size;
 		}
 
 		p = &(lpszEnvironmentBlock[offset]);
@@ -327,11 +340,16 @@ LPCH MergeEnvironmentStrings(PCSTR original, PCSTR merge)
 
 		if (mergeStringLength == mergeArraySize)
 		{
-			mergeArraySize += 128;
-			mergeStrings = (const char**) realloc((void*) mergeStrings, mergeArraySize * sizeof(char*));
+			const char** new_str;
 
-			if (!mergeStrings)
+			mergeArraySize += 128;
+			new_str = (const char**) realloc((void*) mergeStrings, mergeArraySize * sizeof(char*));
+
+			if (!new_str)
+			{
+				free(mergeStrings);
 				return NULL;
+			}
 		}
 
 		mergeStrings[mergeStringLength] = cp;
diff --git a/winpr/libwinpr/utils/collections/MessageQueue.c b/winpr/libwinpr/utils/collections/MessageQueue.c
index 8b8ec1e15..90d2c352c 100644
--- a/winpr/libwinpr/utils/collections/MessageQueue.c
+++ b/winpr/libwinpr/utils/collections/MessageQueue.c
@@ -79,8 +79,11 @@ void MessageQueue_Dispatch(wMessageQueue* queue, wMessage* message)
 		old_capacity = queue->capacity;
 		new_capacity = queue->capacity * 2;
 
+		new_arr = (wMessage*) realloc(queue->array, sizeof(wMessage) * new_capacity);
+		if (!new-arr)
+			return;
+		queue->array = new_arr;
 		queue->capacity = new_capacity;
-		queue->array = (wMessage*) realloc(queue->array, sizeof(wMessage) * queue->capacity);
 		ZeroMemory(&(queue->array[old_capacity]), old_capacity * sizeof(wMessage));
 
 		if (queue->tail < old_capacity)
diff --git a/winpr/libwinpr/utils/collections/ObjectPool.c b/winpr/libwinpr/utils/collections/ObjectPool.c
index b479c3b1b..6d2928f5e 100644
--- a/winpr/libwinpr/utils/collections/ObjectPool.c
+++ b/winpr/libwinpr/utils/collections/ObjectPool.c
@@ -74,8 +74,15 @@ void ObjectPool_Return(wObjectPool* pool, void* obj)
 
 	if ((pool->size + 1) >= pool->capacity)
 	{
-		pool->capacity *= 2;
-		pool->array = (void**) realloc(pool->array, sizeof(void*) * pool->capacity);
+		int new_cap;
+		void **new_arr;
+
+		new_cap = pool->capacity * 2;
+		new_arr = (void**) realloc(pool->array, sizeof(void*) * new_cap);
+		if (!new_arr)
+			return;
+		pool->array = new_arr;
+		pool->capacity = new_cap;
 	}
 
 	pool->array[(pool->size)++] = obj;
diff --git a/winpr/libwinpr/utils/collections/PubSub.c b/winpr/libwinpr/utils/collections/PubSub.c
index abd29098c..7bd2fde69 100644
--- a/winpr/libwinpr/utils/collections/PubSub.c
+++ b/winpr/libwinpr/utils/collections/PubSub.c
@@ -80,8 +80,15 @@ void PubSub_AddEventTypes(wPubSub* pubSub, wEventType* events, int count)
 
 	while (pubSub->count + count >= pubSub->size)
 	{
-		pubSub->size *= 2;
-		pubSub->events = (wEventType*) realloc(pubSub->events, pubSub->size);
+		int new_size;
+		wEventType *new_event;
+
+		new_size = pubSub->size * 2;
+		new_event = (wEventType*) realloc(pubSub->events, new_size);
+		if (!new_event)
+			return;
+		pubSub->size = new_size;
+		pubSub->events = new_event;
 	}
 
 	CopyMemory(&pubSub->events[pubSub->count], events, count * sizeof(wEventType));
diff --git a/winpr/libwinpr/utils/collections/Reference.c b/winpr/libwinpr/utils/collections/Reference.c
index b12c121c2..23ce2ae2f 100644
--- a/winpr/libwinpr/utils/collections/Reference.c
+++ b/winpr/libwinpr/utils/collections/Reference.c
@@ -70,6 +70,9 @@ wReference* ReferenceTable_GetFreeEntry(wReferenceTable* referenceTable)
 
 	if (!found)
 	{
+		UINT32 new_size;
+		wReference *new_ref;
+
 		if (!referenceTable->size)
 		{
 			if (referenceTable->array)
@@ -78,10 +81,12 @@ wReference* ReferenceTable_GetFreeEntry(wReferenceTable* referenceTable)
 			return NULL;
 		}
 
-		referenceTable->size *= 2;
-		referenceTable->array = (wReference*) realloc(referenceTable->array,
-				sizeof(wReference) * referenceTable->size);
+		new_size = referenceTable->size * 2;
+		new_ref = (wReference*) realloc(referenceTable->array,
+				sizeof(wReference) * new_size);
 
+		referenceTable->size = new_size;
+		referenceTable->array = new_ref;
 		ZeroMemory(&referenceTable->array[(referenceTable->size / 2)],
 				sizeof(wReference) * (referenceTable->size / 2));
 
diff --git a/winpr/libwinpr/utils/collections/Stack.c b/winpr/libwinpr/utils/collections/Stack.c
index 5c2dcf230..18df4e7c9 100644
--- a/winpr/libwinpr/utils/collections/Stack.c
+++ b/winpr/libwinpr/utils/collections/Stack.c
@@ -127,8 +127,15 @@ void Stack_Push(wStack* stack, void* obj)
 
 	if ((stack->size + 1) >= stack->capacity)
 	{
-		stack->capacity *= 2;
-		stack->array = (void**) realloc(stack->array, sizeof(void*) * stack->capacity);
+		int new_cap;
+		void **new_arr;
+
+		new_cap = stack->capacity * 2;
+		new_arr = (void**) realloc(stack->array, sizeof(void*) * new_cap);
+		if (!new_arr)
+			return;
+		stack->array = new_arr;
+		stack->capacity = new_cap;
 	}
 
 	stack->array[(stack->size)++] = obj;
diff --git a/winpr/libwinpr/utils/collections/StreamPool.c b/winpr/libwinpr/utils/collections/StreamPool.c
index 5760de94a..1d26b24d9 100644
--- a/winpr/libwinpr/utils/collections/StreamPool.c
+++ b/winpr/libwinpr/utils/collections/StreamPool.c
@@ -35,8 +35,15 @@ void StreamPool_ShiftUsed(wStreamPool* pool, int index, int count)
 	{
 		if (pool->uSize + count > pool->uCapacity)
 		{
-			pool->uCapacity *= 2;
-			pool->uArray = (wStream**) realloc(pool->uArray, sizeof(wStream*) * pool->uCapacity);
+			int new_cap;
+			wStream **new_arr;
+
+			new_cap = pool->uCapacity * 2;
+			new_arr = (wStream**) realloc(pool->uArray, sizeof(wStream*) * new_cap);
+			if (!new_arr)
+				return;
+			pool->uCapacity = new_cap;
+			pool->uArray = new_arr;
 		}
 
 		MoveMemory(&pool->uArray[index + count], &pool->uArray[index], (pool->uSize - index) * sizeof(wStream*));
@@ -62,8 +69,15 @@ void StreamPool_AddUsed(wStreamPool* pool, wStream* s)
 {
 	if ((pool->uSize + 1) >= pool->uCapacity)
 	{
-		pool->uCapacity *= 2;
-		pool->uArray = (wStream**) realloc(pool->uArray, sizeof(wStream*) * pool->uCapacity);
+		int new_cap;
+		wStream **new_arr;
+
+		new_cap = pool->uCapacity * 2;
+		new_arr = (wStream**) realloc(pool->uArray, sizeof(wStream*) * new_cap);
+		if (!new_arr)
+			return;
+		pool->uCapacity = new_cap;
+		pool->uArray = new_arr;
 	}
 
 	pool->uArray[(pool->uSize)++] = s;
@@ -97,8 +111,15 @@ void StreamPool_ShiftAvailable(wStreamPool* pool, int index, int count)
 	{
 		if (pool->aSize + count > pool->aCapacity)
 		{
-			pool->aCapacity *= 2;
-			pool->aArray = (wStream**) realloc(pool->aArray, sizeof(wStream*) * pool->aCapacity);
+			int new_cap;
+			wStream **new_arr;
+
+			new_cap = pool->aCapacity * 2;
+			new_arr = (wStream**) realloc(pool->aArray, sizeof(wStream*) * new_cap);
+			if (!new_arr)
+				return;
+			pool->aCapacity = new_cap;
+			pool->aArray = new_arr;
 		}
 
 		MoveMemory(&pool->aArray[index + count], &pool->aArray[index], (pool->aSize - index) * sizeof(wStream*));
@@ -179,13 +200,27 @@ void StreamPool_Return(wStreamPool* pool, wStream* s)
 
 	if ((pool->aSize + 1) >= pool->aCapacity)
 	{
-		pool->aCapacity *= 2;
-		pool->aArray = (wStream**) realloc(pool->aArray, sizeof(wStream*) * pool->aCapacity);
+		int new_cap;
+		wStream **new_arr;
+
+		new_cap = pool->aCapacity * 2;
+		new_arr = (wStream**) realloc(pool->aArray, sizeof(wStream*) * new_cap);
+		if (!new_arr)
+			return;
+		pool->aCapacity = new_cap;
+		pool->aArray = new_arr;
 	}
 	else if ((pool->aSize + 1) * 3 < pool->aCapacity)
 	{
-		pool->aCapacity /= 2;
-		pool->aArray = (wStream**) realloc(pool->aArray, sizeof(wStream*) * pool->aCapacity);
+		int new_cap;
+		wStream **new_arr;
+
+		new_cap = pool->aCapacity / 2;
+		new_arr = (wStream**) realloc(pool->aArray, sizeof(wStream*) * new_cap);
+		if (!new_arr)
+			return;
+		pool->aCapacity = new_cap;
+		pool->aArray = new_arr;
 	}
 
 	pool->aArray[(pool->aSize)++] = s;
diff --git a/winpr/libwinpr/utils/ini.c b/winpr/libwinpr/utils/ini.c
index 2a8774fe3..3f026db5b 100644
--- a/winpr/libwinpr/utils/ini.c
+++ b/winpr/libwinpr/utils/ini.c
@@ -224,8 +224,15 @@ wIniFileSection* IniFile_AddSection(wIniFile* ini, const char* name)
 	{
 		if ((ini->nSections + 1) >= (ini->cSections))
 		{
-			ini->cSections *= 2;
-			ini->sections = (wIniFileSection**) realloc(ini->sections, sizeof(wIniFileSection*) * ini->cSections);
+			int new_size;
+			wIniFileSection** new_sect;
+
+			new_size = ini->cSections * 2;
+			new_sect = (wIniFileSection**) realloc(ini->sections, sizeof(wIniFileSection*) * new_size);
+			if (!new_sect)
+				return NULL;
+			ini->cSections = new_size;
+			ini->sections = new_sect;
 		}
 
 		section = IniFile_Section_New(name);
@@ -269,8 +276,15 @@ wIniFileKey* IniFile_AddKey(wIniFile* ini, wIniFileSection* section, const char*
 	{
 		if ((section->nKeys + 1) >= (section->cKeys))
 		{
-			section->cKeys *= 2;
-			section->keys = (wIniFileKey**) realloc(section->keys, sizeof(wIniFileKey*) * section->cKeys);
+			int new_size;
+			wIniFileKey** new_key;
+
+			new_size = section->cKeys * 2;
+			new_key = (wIniFileKey**) realloc(section->keys, sizeof(wIniFileKey*) * new_size);
+			if (!new_key)
+				return NULL;
+			section->cKeys = new_size;
+			section->keys = new_key;
 		}
 
 		key = IniFile_Key_New(name, value);
diff --git a/winpr/libwinpr/utils/stream.c b/winpr/libwinpr/utils/stream.c
index 7ef0535ff..9aac3f8b0 100644
--- a/winpr/libwinpr/utils/stream.c
+++ b/winpr/libwinpr/utils/stream.c
@@ -32,6 +32,7 @@ void Stream_EnsureCapacity(wStream* s, size_t size)
 		size_t position;
 		size_t old_capacity;
 		size_t new_capacity;
+		BYTE* new_buf;
 
 		old_capacity = s->capacity;
 		new_capacity = old_capacity;
@@ -42,13 +43,15 @@ void Stream_EnsureCapacity(wStream* s, size_t size)
 		}
 		while (new_capacity < size);
 
-		s->capacity = new_capacity;
-		s->length = new_capacity;
 
 		position = Stream_GetPosition(s);
 
-		s->buffer = (BYTE*) realloc(s->buffer, s->capacity);
-
+		new_buf = (BYTE*) realloc(s->buffer, new_capacity);
+		if (!new_buf)
+			return;
+		s->buffer = new_buf;
+		s->capacity = new_capacity;
+		s->length = new_capacity;
 		ZeroMemory(&s->buffer[old_capacity], s->capacity - old_capacity);
 
 		Stream_SetPosition(s, position);