Index: branches/cparm/i386/libsaio/device_tree.c =================================================================== --- branches/cparm/i386/libsaio/device_tree.c (revision 2120) +++ branches/cparm/i386/libsaio/device_tree.c (revision 2121) @@ -353,10 +353,7 @@ } } if (child == 0 && createIfMissing) { - DPRINTF("Creating node\n"); - //char *str = malloc(strlen(nameBuf) + 1); - // XXX this will leak - //strcpy(str, nameBuf); + DPRINTF("Creating node\n"); const char *str = newString(nameBuf); if (str) { Index: branches/cparm/i386/libsaio/hfs.c =================================================================== --- branches/cparm/i386/libsaio/hfs.c (revision 2120) +++ branches/cparm/i386/libsaio/hfs.c (revision 2121) @@ -339,7 +339,7 @@ if ((dirFlags & kFileTypeMask) != kFileTypeUnknown) return -1; } - GetCatalogEntry(dirIndex, name, flags, time, finderInfo, infoValid); + if (GetCatalogEntry(dirIndex, name, flags, time, finderInfo, infoValid) != 0) return -1; if (*dirIndex == 0) *dirIndex = -1; if ((*flags & kFileTypeMask) == kFileTypeUnknown) return -1; @@ -360,7 +360,7 @@ /* Fill some crucial data structures by side effect. */ dirIndex = 0; - HFSGetDirEntry(ih, "/", &dirIndex, &name, &flags, &time, 0, 0); + if (HFSGetDirEntry(ih, "/", &dirIndex, &name, &flags, &time, 0, 0) != 0) return; /* Now we can loook up the volume name node. */ nodeSize = SWAP_BE16(gBTHeaders[kBTreeCatalog]->nodeSize); @@ -368,7 +368,7 @@ dirIndex = (long long) firstLeafNode * nodeSize; - GetCatalogEntry(&dirIndex, &name, &flags, &time, 0, 0); + if (GetCatalogEntry(&dirIndex, &name, &flags, &time, 0, 0) != 0) return; strncpy(str, name, strMaxLen); str[strMaxLen] = '\0'; @@ -611,6 +611,10 @@ nodeSize = SWAP_BE16(gBTHeaders[kBTreeCatalog]->nodeSize); nodeBuf = (char *)malloc(nodeSize); + if (!nodeBuf) + { + return -1; + } node = (BTNodeDescriptor *)nodeBuf; index = (long) (*dirIndex % nodeSize); @@ -743,6 +747,10 @@ curNode = SWAP_BE32(gBTHeaders[btree]->rootNode); nodeSize = SWAP_BE16(gBTHeaders[btree]->nodeSize); nodeBuf = (char *)malloc(nodeSize); + if (!nodeBuf) + { + return -1; + } node = (BTNodeDescriptor *)nodeBuf; while (1) { Index: branches/cparm/i386/libsaio/hfs_compare.c =================================================================== --- branches/cparm/i386/libsaio/hfs_compare.c (revision 2120) +++ branches/cparm/i386/libsaio/hfs_compare.c (revision 2121) @@ -37,6 +37,11 @@ UncompressStructure(struct compressed_block *bp, int count, int size) { unsigned short *out = malloc(size); + if (!out) + { + stop("UncompressStructure unable to allocate memory\n"); + return 0; + } unsigned short *op = out; unsigned short data; int i, j; Index: branches/cparm/i386/libsaio/ufs.c =================================================================== --- branches/cparm/i386/libsaio/ufs.c (revision 2120) +++ branches/cparm/i386/libsaio/ufs.c (revision 2121) @@ -168,6 +168,7 @@ gFragsPerBlock = gBlockSize / gFragSize; if (gTempBlock != 0) free(gTempBlock); gTempBlock = malloc(gBlockSize); + if (!gTempBlock) return -1; CacheInit(ih, gBlockSize); gCurrentIH = ih; Index: branches/cparm/i386/libsaio/device_inject.c =================================================================== --- branches/cparm/i386/libsaio/device_inject.c (revision 2120) +++ branches/cparm/i386/libsaio/device_inject.c (revision 2121) @@ -352,7 +352,7 @@ const char *val; uint8_t *binStr; uint8_t *kbinStr; - + EFI_STATUS ret = EFI_DEVICE_ERROR; int cnt = 0, cnt2 = 0; static char DEVICE_PROPERTIES_PROP[] = "device-properties"; @@ -372,19 +372,23 @@ if (cnt > 1) { binStr = convertHexStr2Binary(val, &cnt2); - - if (cnt2 > 0) - { - kbinStr = (uint8_t*)AllocateKernelMemory(cnt2); - if (kbinStr) + if (binStr) + { + if (cnt2 > 0) { - bcopy(binStr,kbinStr,cnt2); - DT__AddProperty(node, DEVICE_PROPERTIES_PROP, cnt2, kbinStr); - return EFI_SUCCESS; + kbinStr = (uint8_t*)AllocateKernelMemory(cnt2); + if (kbinStr) + { + bcopy(binStr,kbinStr,cnt2); + DT__AddProperty(node, DEVICE_PROPERTIES_PROP, cnt2, kbinStr); + ret = EFI_SUCCESS; + } } - } + free(binStr); + } + } - return EFI_DEVICE_ERROR; + return ret; } Index: branches/cparm/i386/libsaio/CoreHash.c =================================================================== --- branches/cparm/i386/libsaio/CoreHash.c (revision 2120) +++ branches/cparm/i386/libsaio/CoreHash.c (revision 2121) @@ -49,7 +49,11 @@ static void CopyVarPtr (struct env_struct *var, void* ptr, size_t size) { var->ptr = malloc(size); - memcpy(var->ptr, ptr, size); + if (var->ptr) + { + memcpy(var->ptr, ptr, size); + + } } static struct env_struct *find_env(const char *name) { Index: branches/cparm/i386/libsaio/convert.c =================================================================== --- branches/cparm/i386/libsaio/convert.c (revision 2120) +++ branches/cparm/i386/libsaio/convert.c (revision 2121) @@ -93,10 +93,7 @@ { // the resulting binary will be the half size of the input hex string binStr = malloc(len / 2); - if (!binStr) { - *outLength = 0; - return NULL; - } + if (!binStr) goto out; binStrIdx = 0; hexNibbleIdx = 0; for (hexStrIdx = 0; hexStrIdx < len; hexStrIdx++) @@ -132,9 +129,9 @@ *outLength = binStrIdx; return binStr; } - else - { - *outLength = 0; - return NULL; - } + +out: + *outLength = 0; + return NULL; + } \ No newline at end of file Index: branches/cparm/i386/libsaio/fake_efi.c =================================================================== --- branches/cparm/i386/libsaio/fake_efi.c (revision 2120) +++ branches/cparm/i386/libsaio/fake_efi.c (revision 2121) @@ -264,17 +264,21 @@ if (cnt > 1) { binStr = convertHexStr2Binary(val, &cnt2); - - if (cnt2 > 0) + if (binStr) { - kbinStr = (uint8_t*)AllocateKernelMemory(cnt2); - - if (kbinStr) + if (cnt2 > 0) { - bcopy(binStr,kbinStr,cnt2); - DT__AddProperty(node, DEVICE_PROPERTIES_PROP, cnt2, kbinStr); - } + kbinStr = (uint8_t*)AllocateKernelMemory(cnt2); + + if (kbinStr) + { + bcopy(binStr,kbinStr,cnt2); + DT__AddProperty(node, DEVICE_PROPERTIES_PROP, cnt2, kbinStr); + } + } + free(binStr); } + } } } Index: branches/cparm/i386/modules/GUI/picopng.c =================================================================== --- branches/cparm/i386/modules/GUI/picopng.c (revision 2120) +++ branches/cparm/i386/modules/GUI/picopng.c (revision 2121) @@ -73,6 +73,7 @@ if (png_alloc_find_node(addr)) return; node = malloc(sizeof (png_alloc_node_t)); + if (!node) return; node->addr = addr; node->size = size; node->prev = png_alloc_tail; @@ -104,6 +105,7 @@ void *png_alloc_malloc(size_t size) { void *addr = malloc(size); + if (!addr) return NULL; png_alloc_add_node(addr, size); return addr; } @@ -1347,6 +1349,10 @@ goto failed; } pngData = malloc(pngSize); + if (!pngData) { + error = -1; + goto failed; + } if (read(pngFile, (char *) pngData, pngSize) != pngSize) { error = -1; goto failed; @@ -1365,6 +1371,11 @@ goto failed; } uint8_t *result = malloc(info->width*4*info->height); + if (!result) + { + error = -1; + goto failed; + } *width = info->width; *height = info->height; memcpy(result, info->image->data, info->width*4*info->height); @@ -1397,6 +1408,11 @@ goto failed; } uint8_t *result = malloc(info->width*4*info->height); + if (!result) + { + error = -1; + goto failed; + } *width = info->width; *height = info->height; memcpy(result, info->image->data, info->width*4*info->height); Index: branches/cparm/i386/modules/KernelPatcher/kernel_patcher.c =================================================================== --- branches/cparm/i386/modules/KernelPatcher/kernel_patcher.c (revision 2120) +++ branches/cparm/i386/modules/KernelPatcher/kernel_patcher.c (revision 2121) @@ -129,6 +129,8 @@ if(patches == NULL) { patches = entry = malloc(sizeof(patchRoutine_t)); + + if (!entry || !patches) return; } else { @@ -139,6 +141,9 @@ } entry->next = malloc(sizeof(patchRoutine_t)); + + if (!entry) return; + entry = entry->next; } @@ -153,6 +158,7 @@ if(kernelSymbols == NULL) { kernelSymbols = malloc(sizeof(kernSymbols_t)); + if (!kernelSymbols) return; kernelSymbols->next = NULL; kernelSymbols->symbol = (char*)name; kernelSymbols->addr = 0; @@ -166,6 +172,8 @@ } symbol->next = malloc(sizeof(kernSymbols_t)); + if (!symbol->next) return; + symbol = symbol->next; symbol->next = NULL; Index: branches/cparm/i386/modules/HibernateEnabler/bmdecompress.c =================================================================== --- branches/cparm/i386/modules/HibernateEnabler/bmdecompress.c (revision 2120) +++ branches/cparm/i386/modules/HibernateEnabler/bmdecompress.c (revision 2121) @@ -46,6 +46,9 @@ uint16_t * sc1 = malloc((width+2) * sizeof(uint16_t)); uint16_t * sc2 = malloc((width+2) * sizeof(uint16_t)); uint16_t * sc3 = malloc((width+2) * sizeof(uint16_t)); + + if (!sc0 || !sc1 || !sc2 || !sc3) return; + uint32_t sr0, sr1, sr2, sr3; bzero(sc0, (width+2) * sizeof(uint16_t)); @@ -147,6 +150,10 @@ uint16_t * sc1 = malloc((width+2) * sizeof(uint16_t)); uint16_t * sc2 = malloc((width+2) * sizeof(uint16_t)); uint16_t * sc3 = malloc((width+2) * sizeof(uint16_t)); + + if (!sc0 || !sc1 || !sc2 || !sc3) return; + + uint32_t sr0, sr1, sr2, sr3; bzero(sc0, (width+2) * sizeof(uint16_t)); Index: branches/cparm/i386/modules/USBFix/usb.c =================================================================== --- branches/cparm/i386/modules/USBFix/usb.c (revision 2120) +++ branches/cparm/i386/modules/USBFix/usb.c (revision 2121) @@ -57,7 +57,7 @@ current = current->next; } current->next = (struct pciList*)malloc(sizeof(struct pciList)); - if (!current) { + if (!current->next) { return; } current = current->next; Index: branches/cparm/i386/util/fdisk/fdisk.c =================================================================== --- branches/cparm/i386/util/fdisk/fdisk.c (revision 2120) +++ branches/cparm/i386/util/fdisk/fdisk.c (revision 2121) @@ -239,6 +239,9 @@ } mbr_binary = (char *)malloc(MBR_CODE_SIZE); + if (!mbr_binary) errx(1, "out of memory"); + + if ((fd = open(mbrfile, O_RDONLY)) == -1) { warn("could not open MBR file %s", mbrfile); bzero(mbr_binary, MBR_CODE_SIZE); @@ -259,6 +262,7 @@ } else if (i_flag) { /* If they didn't specify -a, they'll get the default auto style */ mp = MBR_alloc(NULL); + if (!mp) errx(1, "out of memory"); if (AUTO_init(&disk, auto_style, mp) != AUTO_OK) { errx(1, "error initializing disk"); } Index: branches/cparm/i386/util/fdisk/user.c =================================================================== --- branches/cparm/i386/util/fdisk/user.c (revision 2120) +++ branches/cparm/i386/util/fdisk/user.c (revision 2121) @@ -156,7 +156,10 @@ /* Read MBR & partition */ mbr = MBR_alloc(NULL); + if (!mbr) errx(1, "out of memory"); fd = DISK_open(disk->name, O_RDONLY); + if (fd == -1) + err(1, "Could not open %s", disk->name); MBR_read(disk, fd, offset, mbr); DISK_close(fd); @@ -256,6 +259,8 @@ mbr_t *mbr; fd = DISK_open(disk->name, O_RDONLY); + if (fd == -1) + err(1, "Could not open %s", disk->name); /*offset = firstoff = 0;*/ if (!do_dump) Index: branches/cparm/i386/util/fdisk/mbr.c =================================================================== --- branches/cparm/i386/util/fdisk/mbr.c (revision 2120) +++ branches/cparm/i386/util/fdisk/mbr.c (revision 2121) @@ -237,7 +237,10 @@ mbr_t *mbrd; mbrd = MBR_alloc(NULL); + if (!mbr) errx(1, "out of memory"); fd = DISK_open(disk->name, O_RDONLY); + if (fd == -1) + err(1, "Could not open %s", disk->name); MBR_read(disk, fd, offset, mbrd); DISK_close(fd); MBR_parse(disk, offset, reloff, mbrd); @@ -393,6 +396,7 @@ if (mbr == NULL) { mbr = MBR_alloc(prev_mbr); + if (!mbr) errx(1, "out of memory"); if (head == NULL) head = mbr; } @@ -446,6 +450,7 @@ MBR_alloc(mbr_t *parent) { mbr_t *mbr = (mbr_t *)malloc(sizeof(mbr_t)); + if (!mbr) return NULL; bzero(mbr, sizeof(mbr_t)); if (parent) { parent->next = mbr; @@ -475,9 +480,12 @@ int i, fd, offset, firstoff; fd = DISK_open(disk->name, O_RDONLY); + if (fd == -1) + err(1, "Could not open %s", disk->name); firstoff = offset = 0; do { mbr = MBR_alloc(mbr); + if (!mbr) errx(1, "out of memory"); if (head == NULL) { head = mbr; } @@ -511,6 +519,8 @@ int fd; fd = DISK_open(disk->name, O_RDWR); + if (fd == -1) + err(1, "Could not open %s", disk->name); while (mbr) { MBR_make(mbr); result = MBR_write(disk, fd, mbr); Index: branches/cparm/i386/util/fdisk/disk.c =================================================================== --- branches/cparm/i386/util/fdisk/disk.c (revision 2120) +++ branches/cparm/i386/util/fdisk/disk.c (revision 2121) @@ -167,7 +167,10 @@ /* Get label metrics */ if ((fd = DISK_open(name, O_RDONLY)) != -1) { lm = malloc(sizeof(DISK_metrics)); - + if (!lm) { + err(1, "DISK_getlabelmetrics: Could not allocate memory"); + return NULL; + } if (fstat(fd, &st) == -1) err(1, "%s", name); if (!S_ISREG(st.st_mode) || S_ISBLK(st.st_mode)) {