From 54ad020b4e09bc7f72b316cd32af20aa73f7f213 Mon Sep 17 00:00:00 2001
From: Mark Pizzolato
Date: Sat, 5 May 2012 09:23:19 -0700
Subject: [PATCH] Fixed potential memory leaks on error paths in scp.c/sim_rest (Peter Schorn)
---
scp.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/scp.c b/scp.c
index 621cadd8..3dcad038 100644
--- a/scp.c
+++ b/scp.c
@@ -3118,8 +3118,10 @@ for (i = 0; (dptr = sim_devices[i]) != NULL; i++) { /* loop thru devices */ for (l = 0; (l < SRBSIZ) && (k < high); l++, k = k + (dptr->aincr)) { /* check for 0 block */ r = dptr->examine (&val, k, uptr, SIM_SW_REST); - if (r != SCPE_OK) + if (r != SCPE_OK) { + free (mbuf); return r; + } if (val) zeroflg = FALSE; SZ_STORE (sz, val, mbuf, l); } /* end for l */
@@ -3358,19 +3360,26 @@ for ( ;; ) { /* device loop */ if ((mbuf = calloc (SRBSIZ, sz)) == NULL) return SCPE_MEM; for (k = 0; k < high; ) { /* loop thru mem */ - READ_I (blkcnt); /* block count */ + if (sim_fread (&blkcnt, sizeof (blkcnt), 1, rfile) == 0) {/* block count */ + free (mbuf); + return SCPE_IOERR; + } if (blkcnt < 0) /* compressed? */ limit = -blkcnt; else limit = (int32)sim_fread (mbuf, sz, blkcnt, rfile); - if (limit <= 0) /* invalid or err? */ + if (limit <= 0) { /* invalid or err? */ + free (mbuf); return SCPE_IOERR; + } for (j = 0; j < limit; j++, k = k + (dptr->aincr)) { if (blkcnt < 0) /* compressed? */ val = 0; else SZ_LOAD (sz, val, mbuf, j); /* saved value */ r = dptr->deposit (val, k, uptr, SIM_SW_REST); - if (r != SCPE_OK) + if (r != SCPE_OK) { + free (mbuf); return r; + } } /* end for j */ } /* end for k */ free (mbuf); /* dealloc buffer */
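Review bot: The `free (mbuf); return r;` pair added after the `dptr->examine` call is written out by hand, and the second hunk repeats it at three more exits (the block-count read, the `limit <= 0` check and the `dptr->deposit` failure), so any error return added later has to remember the free too. Ownership should be stated where the buffer is allocated, which is outside this hunk, for example `/* mbuf is owned by this loop: every return below must free it */`. Routing the failures through one cleanup exit would be easier to audit. The enclosing function starts and ends outside the hunk, so other returns between the allocation and the final free cannot be checked from here.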
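Review bot: `blkcnt` is read from the save file and passed as the element count to `sim_fread (mbuf, sz, blkcnt, rfile)` without being compared to `SRBSIZ`, the count `mbuf` was allocated with in `calloc (SRBSIZ, sz)`, so a corrupted or malformed file with a larger count would write past the end of the buffer. Bounding the count before the read reuses the existing error path: `else limit = (blkcnt <= SRBSIZ) ? (int32)sim_fread (mbuf, sz, blkcnt, rfile) : 0;`, which falls into the `limit <= 0` branch that now frees `mbuf` and returns `SCPE_IOERR`. The compressed case has a related gap, since `limit = -blkcnt` is not range-checked and the inner loop does not test `k < high`; it presumably relies on `dptr->deposit` rejecting out-of-range addresses, which is not visible here. The device loop starts and ends outside the hunk.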