[11/11] xf86drm: Validate function return value

Submitted by Praveen Paneri on April 10, 2015, 8:43 a.m.

Details

Message ID 1428655383-26087-12-git-send-email-praveen.paneri@intel.com
State New
Headers show

Not browsing as part of any series.

Commit Message

Praveen Paneri April 10, 2015, 8:43 a.m.
Return value of drmHashCreate() and drmGetEntry() functions
can be NULL. It should be validated before being used.

Signed-off-by: Praveen Paneri <praveen.paneri@intel.com>
---
 xf86drm.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

Patch hide | download patch | download mbox

diff --git a/xf86drm.c b/xf86drm.c
index 920c6b8..5cad955 100644
--- a/xf86drm.c
+++ b/xf86drm.c
@@ -178,20 +178,25 @@  static unsigned long drmGetKeyFromFd(int fd)
 drmHashEntry *drmGetEntry(int fd)
 {
     unsigned long key = drmGetKeyFromFd(fd);
-    void          *value;
+    void          *value = NULL;
     drmHashEntry  *entry;
 
     if (!drmHashTable)
 	drmHashTable = drmHashCreate();
 
-    if (drmHashLookup(drmHashTable, key, &value)) {
+    if (drmHashTable && drmHashLookup(drmHashTable, key, &value)) {
 	entry           = drmMalloc(sizeof(*entry));
 	if (!entry)
 	    return NULL;
 	entry->fd       = fd;
 	entry->f        = NULL;
 	entry->tagTable = drmHashCreate();
-	drmHashInsert(drmHashTable, key, entry);
+	if (entry->tagTable) {
+		drmHashInsert(drmHashTable, key, entry);
+	} else {
+		drmFree(entry);
+		entry = NULL;
+	}
     } else {
 	entry = value;
     }
@@ -1219,6 +1224,8 @@  int drmClose(int fd)
 {
     unsigned long key    = drmGetKeyFromFd(fd);
     drmHashEntry  *entry = drmGetEntry(fd);
+    if(!entry)
+	return -ENOMEM;
 
     drmHashDestroy(entry->tagTable);
     entry->fd       = 0;
@@ -2258,6 +2265,8 @@  int drmGetInterruptFromBusID(int fd, int busnum, int devnum, int funcnum)
 int drmAddContextTag(int fd, drm_context_t context, void *tag)
 {
     drmHashEntry  *entry = drmGetEntry(fd);
+    if (!entry)
+        return -ENOMEM;
 
     if (drmHashInsert(entry->tagTable, context, tag)) {
 	drmHashDelete(entry->tagTable, context);
@@ -2270,13 +2279,18 @@  int drmDelContextTag(int fd, drm_context_t context)
 {
     drmHashEntry  *entry = drmGetEntry(fd);
 
-    return drmHashDelete(entry->tagTable, context);
+    if (entry)
+	return drmHashDelete(entry->tagTable, context);
+    return -ENOMEM;
 }
 
 void *drmGetContextTag(int fd, drm_context_t context)
 {
-    drmHashEntry  *entry = drmGetEntry(fd);
     void          *value;
+    drmHashEntry  *entry = drmGetEntry(fd);
+
+    if (!entry)
+        return NULL;
 
     if (drmHashLookup(entry->tagTable, context, &value))
 	return NULL;