ondra@openldap.org wrote:
Full_Name: Ondrej Kuznik
Version: re24/master
OS:
URL:
Submission from: (NULL) (212.159.69.225)
A look at the code highlights a few places where *alloc responses are used unchecked.
The following semantic patch is a good starting point. Currently it lists 87 sites, most of which probably need adjusting.
--- malloc_check.cocci ---
@@
expression E, E1;
identifier ch_alloc =~ "^(ch|slap)_.*alloc.*";
identifier f =~ "(?i).*alloc.*";
identifier foo;
@@

E = (
  ch_alloc
  // ch_malloc always aborts if it fails, therefore failure checks are not used.
| entry_alloc
| attr_alloc
  // These rely on ch_malloc, therefore failure checks are not used.
| metaconn_alloc
| asyncmeta_conn_alloc
| CompAlloc /* component matching has massively bitrotted */
|
- f
)(...);
... when != E = E1
    when != E == NULL
    when != E != NULL
(
  E->foo
| E[...]
| *(E)
)
--- malloc_check.cocci ---
Patches coming soon.
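An added C example (mine, not from the ITS or the OpenLDAP tree) of the convention the patch is checking for at raw-allocator call sites: each *alloc result is tested before it is dereferenced and partial work is freed on failure, verified by a constructed fault-injecting allocator that makes every allocation fail in turn. test_malloc, alloc_fail_after, dup_str, attr_new and oom_sweep are hypothetical names; the ch_malloc behaviour mentioned in the comment is as the ITS describes it, not reimplemented here.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed fault-injecting allocator: NULL once the countdown hits 0, until reset (-1 = never). */
static int alloc_fail_after = -1;
static void *test_malloc(size_t n) {
    if (alloc_fail_after == 0) return NULL;
    if (alloc_fail_after > 0) alloc_fail_after--;
    return malloc(n);
}
static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = test_malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}
struct attr { char *name; char **vals; size_t nvals; };
static void attr_free(struct attr *a) {
    if (a == NULL) return;
    for (size_t i = 0; i < a->nvals; i++) free(a->vals[i]);
    free(a->vals); free(a->name); free(a);
}
/* Unlike a ch_malloc-style wrapper, which aborts rather than returning NULL, a raw allocator's
 * result must be checked before any dereference and work done so far released on failure. */
static struct attr *attr_new(const char *name, const char *const *vals, size_t nvals) {
    struct attr *a = test_malloc(sizeof *a);
    if (a == NULL) return NULL;
    a->nvals = 0; a->name = dup_str(name);
    a->vals = test_malloc((nvals ? nvals : 1) * sizeof *a->vals);
    if (a->name == NULL || a->vals == NULL) { attr_free(a); return NULL; }
    for (size_t i = 0; i < nvals; i++) {
        a->vals[i] = dup_str(vals[i]);
        if (a->vals[i] == NULL) { attr_free(a); return NULL; }
        a->nvals++;
    }
    return a;
}
/* Fail each allocation in attr_new in turn; returns how many failure points were
 * survived (NULL returned, nothing dereferenced) before the call first succeeded. */
static int oom_sweep(void) {
    const char *vals[] = { "cn", "commonName" };
    int survived = 0;
    for (int k = 0; k < 32; k++) {
        alloc_fail_after = k;
        struct attr *a = attr_new("cn", vals, 2);
        alloc_fail_after = -1;
        if (a == NULL) { survived++; continue; }
        attr_free(a);
        return survived;
    }
    return -1;
}
```

attr_new makes five allocations for that input, so oom_sweep reports five survived failure points; an unchecked version would crash at the first one.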