From e972c6cfd87cb5cbf1e93cf481f53add88655c42 Mon Sep 17 00:00:00 2001 From: Julien Date: Sat, 4 Jun 2011 06:05:01 +0800 Subject: SWORD25: Add error checks after allocating memory with malloc --- engines/sword25/fmv/theora_decoder.cpp | 11 +++++++++ engines/sword25/gfx/image/art.cpp | 27 +++++++++++++++++++++++ engines/sword25/gfx/image/art.h | 1 + engines/sword25/gfx/image/vectorimage.cpp | 2 ++ engines/sword25/gfx/image/vectorimagerenderer.cpp | 7 ++++++ engines/sword25/package/packagemanager.h | 3 +++ 6 files changed, 51 insertions(+) diff --git a/engines/sword25/fmv/theora_decoder.cpp b/engines/sword25/fmv/theora_decoder.cpp index 098bd2c6b9..a7ebb5df8c 100644 --- a/engines/sword25/fmv/theora_decoder.cpp +++ b/engines/sword25/fmv/theora_decoder.cpp @@ -424,6 +424,12 @@ bool TheoraDecoder::queueAudio() { if (!_audStream) return false; + // An audio buffer should have been allocated (either in the constructor or after queuing the current buffer) + if (!_audiobuf) { + warning("[TheoraDecoder::queueAudio] Invalid audio buffer"); + return false; + } + bool queuedAudio = false; for (;;) { @@ -454,6 +460,11 @@ bool TheoraDecoder::queueAudio() { // The audio mixer is now responsible for the old audio buffer. // We need to create a new one. _audiobuf = (ogg_int16_t *)malloc(AUDIOFD_FRAGSIZE * sizeof(ogg_int16_t)); + if (!_audiobuf) { + warning("[TheoraDecoder::queueAudio] Cannot allocate memory for audio buffer"); + return false; + } + _audiobufFill = 0; queuedAudio = true; } diff --git a/engines/sword25/gfx/image/art.cpp b/engines/sword25/gfx/image/art.cpp index 07a2be5694..e9715481c6 100644 --- a/engines/sword25/gfx/image/art.cpp +++ b/engines/sword25/gfx/image/art.cpp @@ -151,6 +151,8 @@ ArtSVP *art_svp_from_vpath(ArtVpath *vpath) { n_segs_max = 16; svp = (ArtSVP *)malloc(sizeof(ArtSVP) + (n_segs_max - 1) * sizeof(ArtSVPSeg)); + if (!svp) + error("[art_svp_from_vpath] Cannot allocate memory"); dir = 0; n_points = 0; @@ -1041,6 +1043,8 @@ struct _ArtPriPoint { static ArtPriQ *art_pri_new(void) { ArtPriQ *result = art_new(ArtPriQ, 1); + if (!result) + error("[art_pri_new] Cannot allocate memory"); result->n_items = 0; result->n_items_max = 16; @@ -1189,6 +1193,9 @@ static int art_svp_writer_rewind_add_segment(ArtSvpWriter *self, int wind_left, seg->bbox.x1 = x; seg->bbox.y1 = y; seg->points = art_new(ArtPoint, init_n_points_max); + if (!seg->points) + error("[art_svp_writer_rewind_add_segment] Cannot allocate memory"); + seg->points[0].x = x; seg->points[0].y = y; return seg_num; @@ -1233,6 +1240,8 @@ ArtSVP *art_svp_writer_rewind_reap(ArtSvpWriter *self) { ArtSvpWriter *art_svp_writer_rewind_new(ArtWindRule rule) { ArtSvpWriterRewind *result = art_new(ArtSvpWriterRewind, 1); + if (!result) + error("[art_svp_writer_rewind_new] Cannot allocate memory"); result->super.add_segment = art_svp_writer_rewind_add_segment; result->super.add_point = art_svp_writer_rewind_add_point; @@ -1242,6 +1251,9 @@ ArtSvpWriter *art_svp_writer_rewind_new(ArtWindRule rule) { result->n_segs_max = 16; result->svp = (ArtSVP *)malloc(sizeof(ArtSVP) + (result->n_segs_max - 1) * sizeof(ArtSVPSeg)); + if (!result->svp) + error("[art_svp_writer_rewind_new] Cannot allocate memory"); + result->svp->n_segs = 0; result->n_points_max = art_new(int, result->n_segs_max); @@ -1412,6 +1424,9 @@ static void art_svp_intersect_push_pt(ArtIntersectCtx *ctx, ArtActiveSeg *seg, seg->y1 = y; pri_pt = art_new(ArtPriPoint, 1); + if (!pri_pt) + error("[art_svp_intersect_push_pt] Cannot allocate memory"); + pri_pt->x = x; pri_pt->y = y; pri_pt->user_data = seg; @@ -1875,6 +1890,8 @@ static void art_svp_intersect_horiz(ArtIntersectCtx *ctx, ArtActiveSeg *seg, return; hs = art_new(ArtActiveSeg, 1); + if (!hs) + error("[art_svp_intersect_horiz] Cannot allocate memory"); hs->flags = ART_ACTIVE_FLAGS_DEL | (seg->flags & ART_ACTIVE_FLAGS_OUT); if (seg->flags & ART_ACTIVE_FLAGS_OUT) { @@ -2017,6 +2034,8 @@ static void art_svp_intersect_add_seg(ArtIntersectCtx *ctx, const ArtSVPSeg *in_ ArtActiveSeg *last = NULL; ArtActiveSeg *left, *right; ArtPriPoint *pri_pt = art_new(ArtPriPoint, 1); + if (!pri_pt) + error("[art_svp_intersect_add_seg] Cannot allocate memory"); seg->flags = 0; seg->in_seg = in_seg; @@ -2186,6 +2205,9 @@ void art_svp_intersector(const ArtSVP *in, ArtSvpWriter *out) { return; ctx = art_new(ArtIntersectCtx, 1); + if (!ctx) + error("[art_svp_intersector] Cannot allocate memory"); + ctx->in = in; ctx->out = out; pq = art_pri_new(); @@ -2198,6 +2220,9 @@ void art_svp_intersector(const ArtSVP *in, ArtSvpWriter *out) { ctx->in_curs = 0; first_point = art_new(ArtPriPoint, 1); + if (!first_point) + error("[art_svp_intersector] Cannot allocate memory"); + first_point->x = in->segs[0].points[0].x; first_point->y = in->segs[0].points[0].y; first_point->user_data = NULL; @@ -2339,6 +2364,8 @@ static void art_svp_render_delete_active(int *active_segs, int j, int n_active_s ArtSVPRenderAAIter *art_svp_render_aa_iter(const ArtSVP *svp, int x0, int y0, int x1, int y1) { ArtSVPRenderAAIter *iter = art_new(ArtSVPRenderAAIter, 1); + if (!iter) + error("[art_svp_render_aa_iter] Cannot allocate memory"); iter->svp = svp; iter->y = y0; diff --git a/engines/sword25/gfx/image/art.h b/engines/sword25/gfx/image/art.h index 942e26644f..8c9c97bc57 100644 --- a/engines/sword25/gfx/image/art.h +++ b/engines/sword25/gfx/image/art.h @@ -57,6 +57,7 @@ namespace Sword25 { } else { \ max = 1; \ p = art_new(type, 1); \ + if (!p) error("Cannot allocate memory for art data"); \ } \ } while (0) diff --git a/engines/sword25/gfx/image/vectorimage.cpp b/engines/sword25/gfx/image/vectorimage.cpp index 9235ec2fcf..b9ce5f7e00 100644 --- a/engines/sword25/gfx/image/vectorimage.cpp +++ b/engines/sword25/gfx/image/vectorimage.cpp @@ -321,6 +321,8 @@ ArtBpath *VectorImage::storeBez(ArtBpath *bez, int lineStyle, int fillStyle0, in bez[*bezNodes].code = ART_END; ArtBpath *bez1 = art_new(ArtBpath, *bezNodes + 1); + if (!bez1) + error("[VectorImage::storeBez] Cannot allocate memory"); for (int i = 0; i <= *bezNodes; i++) bez1[i] = bez[i]; diff --git a/engines/sword25/gfx/image/vectorimagerenderer.cpp b/engines/sword25/gfx/image/vectorimagerenderer.cpp index 97dad3346d..6d4dc213f2 100644 --- a/engines/sword25/gfx/image/vectorimagerenderer.cpp +++ b/engines/sword25/gfx/image/vectorimagerenderer.cpp @@ -270,6 +270,9 @@ ArtVpath *art_vpath_cat(ArtVpath *a, ArtVpath *b) { len_a = art_vpath_len(a); len_b = art_vpath_len(b); dest = art_new(ArtVpath, len_a + len_b + 1); + if (!dest) + error("[art_vpath_cat] Cannot allocate memory"); + p = dest; for (int i = 0; i < len_a; i++) @@ -299,6 +302,8 @@ ArtVpath *art_vpath_reverse(ArtVpath *a) { len = art_vpath_len(a); dest = art_new(ArtVpath, len + 1); + if (!dest) + error("[art_vpath_reverse] Cannot allocate memory"); for (i = 0; i < len; i++) { it = a[len - i - 1]; @@ -371,6 +376,8 @@ void drawBez(ArtBpath *bez1, ArtBpath *bez2, byte *buffer, int width, int height int size = art_vpath_len(vec); ArtVpath *vect = art_new(ArtVpath, size + 1); + if (!vect) + error("[drawBez] Cannot allocate memory"); int k; for (k = 0; k < size; k++) { diff --git a/engines/sword25/package/packagemanager.h b/engines/sword25/package/packagemanager.h index c57c30636d..b0c6718008 100644 --- a/engines/sword25/package/packagemanager.h +++ b/engines/sword25/package/packagemanager.h @@ -141,6 +141,9 @@ public: uint fileSize; char *data = (char *)getFile(fileName, &fileSize); char *result = (char *)malloc(fileSize + strlen(versionStr) + 1); + if (!result) + error("[PackageManager::getXmlFile] Cannot allocate memory"); + strcpy(result, versionStr); Common::copy(data, data + fileSize, result + strlen(versionStr)); result[fileSize + strlen(versionStr)] = '\0'; -- cgit v1.2.3