Fix memory leaks in RBin reported by Coverity (#17068)

* Fix memory leaks in RBin reported by Coverity Co-authored-by: pancake <pancake@nopcode.org>
2024-11-28 15:41:38 +00:00 · 2020-06-16 11:30:04 +02:00 · 2020-06-16 11:30:04 +02:00 · c1328f7e10
commit c1328f7e10
parent aeca50166d
2 changed files with 33 additions and 70 deletions
--- a/libr/bin/format/pe/pe.c
+++ b/libr/bin/format/pe/pe.c
@ -3072,7 +3072,7 @@ struct r_bin_pe_addr_t* PE_(r_bin_pe_get_entrypoint)(struct PE_(r_bin_pe_obj_t)*
 struct r_bin_pe_export_t* PE_(r_bin_pe_get_exports)(struct PE_(r_bin_pe_obj_t)* bin) {
 	r_return_val_if_fail (bin, NULL);
 	struct r_bin_pe_export_t* exp, * exports = NULL;
-	PE_Word function_ordinal;
+	PE_Word function_ordinal = 0;
 	PE_VWord functions_paddr, names_paddr, ordinals_paddr, function_rva, name_vaddr, name_paddr;
 	char function_name[PE_NAME_LENGTH + 1], forwarder_name[PE_NAME_LENGTH + 1];
 	char dll_name[PE_NAME_LENGTH + 1];
--- a/libr/bin/p/bin_dex.c
+++ b/libr/bin/p/bin_dex.c
@ -300,6 +300,7 @@ static char *dex_get_proto(RBinDexObj *bin, int proto_id) {
 		char *newsig = realloc (signature, size);
 		if (!newsig) {
 			eprintf ("Cannot realloc to %d\n", size);
+			free (signature);
 			break;
 		}
 		signature = newsig;
@ -336,7 +337,7 @@ static ut16 read16(RBuffer* b, ut64 addr) {
 static RList *dex_method_signature2(RBinDexObj *bin, int method_idx) {
 	ut32 proto_id, params_off, list_size;
 	ut16 type_idx;
-	int i;
+	size_t i;

 	RList *params = r_list_new ();
 	if (!params) {
@ -428,10 +429,7 @@ static void dex_parse_debug_item(RBinFile *bf, RBinDexClass *c, int MI, int MA,
 		argReg++;
 	}
 	if (!(params = dex_method_signature2 (dex, MI))) {
-		free (debug_positions);
-		free (emitted_debug_locals);
-		free (debug_locals);
-		return;
+		goto beach;
 	}

 	RListIter *iter;
@ -441,11 +439,7 @@ static void dex_parse_debug_item(RBinFile *bf, RBinDexClass *c, int MI, int MA,

 	r_list_foreach (params, iter, type) {
 		if ((argReg >= regsz) || !type || parameters_size <= 0) {
-			free (debug_positions);
-			free (params);
-			free (debug_locals);
-			free (emitted_debug_locals);
-			return;
+			goto beach;
 		}
 		(void)r_buf_uleb128 (bf->buf, &res);
 		param_type_idx = res - 1;
@ -471,8 +465,7 @@ static void dex_parse_debug_item(RBinFile *bf, RBinDexClass *c, int MI, int MA,
 	}
 	ut8 opcode = 0;
 	if (r_buf_read (bf->buf, &opcode, 1) != 1) {
-		// error
-		return;
+		goto beach;
 	}
 	while (keep) {
 		switch (opcode) {
@ -502,11 +495,7 @@ static void dex_parse_debug_item(RBinFile *bf, RBinDexClass *c, int MI, int MA,
 			name_idx--;
 			type_idx--;
 			if (register_num >= regsz) {
-				r_list_free (debug_positions);
-				free (params);
-				free (debug_locals);
-				free (emitted_debug_locals);
-				return;
+				goto beach;
 			}
 			// Emit what was previously there, if anything
 			// emitLocalCbIfLive
@ -545,10 +534,7 @@ static void dex_parse_debug_item(RBinFile *bf, RBinDexClass *c, int MI, int MA,
 			type_idx--;
 			name_idx--;
 			if (register_num >= regsz) {
-				r_list_free (debug_positions);
-				free (params);
-				free (debug_locals);
-				return;
+				goto beach;
 			}

 			// Emit what was previously there, if anything
@ -582,10 +568,7 @@ static void dex_parse_debug_item(RBinFile *bf, RBinDexClass *c, int MI, int MA,
 			r_buf_uleb128 (bf->buf, &register_num);
 			// emitLocalCbIfLive
 			if (register_num >= regsz) {
-				r_list_free (debug_positions);
-				free (params);
-				free (debug_locals);
-				return;
+				goto beach;
 			}
 			if (debug_locals[register_num].live) {
 				struct dex_debug_local_t *local = malloc (
@ -611,10 +594,7 @@ static void dex_parse_debug_item(RBinFile *bf, RBinDexClass *c, int MI, int MA,
 			ut64 register_num;
 			r_buf_uleb128 (bf->buf, &register_num);
 			if (register_num >= regsz) {
-				r_list_free (debug_positions);
-				free (params);
-				free (debug_locals);
-				return;
+				goto beach;
 			}
 			if (!debug_locals[register_num].live) {
 				debug_locals[register_num].startAddress = address;
@ -664,10 +644,8 @@ static void dex_parse_debug_item(RBinFile *bf, RBinDexClass *c, int MI, int MA,
 	struct dex_debug_position_t *pos;
 // Loading the debug info takes too much time and nobody uses this afaik
 // 0.5s of 5s is spent in this loop
-#if 1
 	r_list_foreach (debug_positions, iter1, pos) {
 		const char *line = getstr (dex, pos->source_file_idx);
-#if 1
 		char offset[64] = {0};
 		if (!line || !*line) {
 			continue;
@ -677,7 +655,7 @@ static void dex_parse_debug_item(RBinFile *bf, RBinDexClass *c, int MI, int MA,
 		sdb_set (bf->sdb_addrinfo, offset_ptr, fileline, 0);
 		sdb_set (bf->sdb_addrinfo, fileline, offset_ptr, 0);
 		free (fileline);
-#endif
+
 		RBinDwarfRow *rbindwardrow = R_NEW0 (RBinDwarfRow);
 		if (!rbindwardrow) {
 			dexdump = false;
@ -692,13 +670,8 @@ static void dex_parse_debug_item(RBinFile *bf, RBinDexClass *c, int MI, int MA,
 			free (rbindwardrow);
 		}
 	}
-#endif
 	if (!dexdump) {
-		free (debug_positions);
-		free (emitted_debug_locals);
-		free (debug_locals);
-		free (params);
-		return;
+		goto beach;
 	}

 	RListIter *iter2;
@ -736,33 +709,31 @@ static void dex_parse_debug_item(RBinFile *bf, RBinDexClass *c, int MI, int MA,
 		if (debug_locals[reg].live) {
 			if (debug_locals[reg].signature) {
 				rbin->cb_printf (
-					"        0x%04x - 0x%04x reg=%d %s %s "
-					"%s\n",
+					"        0x%04x - 0x%04x reg=%d %s %s %s\n",
 					debug_locals[reg].startAddress,
 					insns_size, reg, debug_locals[reg].name,
 					debug_locals[reg].descriptor,
 					debug_locals[reg].signature);
 			} else {
 				rbin->cb_printf (
-					"        0x%04x - 0x%04x reg=%d %s %s"
-					"\n",
+					"        0x%04x - 0x%04x reg=%d %s %s\n",
 					debug_locals[reg].startAddress,
 					insns_size, reg, debug_locals[reg].name,
 					debug_locals[reg].descriptor);
 			}
 		}
 	}
-	free (debug_positions);
+beach:
+	r_list_free (debug_positions);
+	r_list_free (emitted_debug_locals);
+	r_list_free (params);
 	free (debug_locals);
-	free (emitted_debug_locals);
-	free (params);
 }

 static Sdb *get_sdb(RBinFile *bf) {
+	r_return_val_if_fail (bf && bf->o, NULL);
 	RBinObject *o = bf->o;
-	if (!o || !o->bin_obj) {
-		return NULL;
-	}
+	r_return_val_if_fail (o && o->bin_obj, NULL);
 	struct r_bin_dex_obj_t *bin = (struct r_bin_dex_obj_t *) o->bin_obj;
 	return bin->kv;
 }
@ -1030,29 +1001,21 @@ static char *dex_method_fullname(RBinDexObj *bin, int method_idx) {
 	if (!name) {
 		return NULL;
 	}
-	const char *className = dex_class_name_byid (bin, cid);
 	char *flagname = NULL;
-	if (className) {
-		char *class_name = strdup (className);
-		r_str_replace_char (class_name, ';', 0);
-		char *signature = dex_method_signature (bin, method_idx);
-		if (signature) {
-			flagname = r_str_newf ("%s.%s%s", class_name, name, signature);
-			free (signature);
-		} else {
-			flagname = r_str_newf ("%s.%s%s", class_name, name, "???");
-		}
-		free (class_name);
-	} else {
-		char *signature = dex_method_signature (bin, method_idx);
-		if (signature) {
-			flagname = r_str_newf ("%s.%s%s", "???", name, signature);
-			free (signature);
-		} else {
-			flagname = r_str_newf ("%s.%s%s", "???", name, "???");
-			free (signature);
-		}
+
+	char *class_name = dex_class_name_byid (bin, cid);
+	if (!class_name) {
+		class_name = strdup ("???");
 	}
+	r_str_replace_char (class_name, ';', 0);
+	char *signature = dex_method_signature (bin, method_idx);
+	if (signature) {
+		flagname = r_str_newf ("%s.%s%s", class_name, name, signature);
+		free (signature);
+	} else {
+		flagname = r_str_newf ("%s.%s%s", class_name, name, "???");
+	}
+	free (class_name);
 	if (flagname && simplifiedDemangling) {
 		char *p = strchr (flagname, '(');
 		if (p) {