From 33705eff86e750b2dde686fcdf46fbc39ca96248 Mon Sep 17 00:00:00 2001
From: Matthew Jordan
Date: Thu, 17 May 2012 12:57:30 +0000
Subject: [PATCH] Fix checking bounds of array index after using it; improper sizeof
This patch fixes two problems pointed out by a static analysis tool.
* In chan_dahdi, when an event is handled the index of the sub channel is first obtained. In very off nominal cases, the method that determines the index can return a negative value. In the event handling code, whether or not the index returned is valid was being checked after that value was used to index into an array. This patch makes it so the value is checked before any indexing is done.
* In res_calendar_ews, sizeof was being passed a pointer instead of the struct to determine the amount of memory to allocate.
(issue ASTERISK-19651)
Reported by: Matt Jordan
(closes issue ASTERISK-19671)
Reported by: Matt Jordan
........
Merged revisions 366740 from http://svn.asterisk.org/svn/asterisk/branches/1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10@366741 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_dahdi.c | 5 +++--
 res/res_calendar_ews.c | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index 7283d39d19..85b621882a 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -7954,6 +7954,9 @@ static struct ast_frame *dahdi_handle_event(struct ast_channel *ast)
 struct ast_frame *f;
 idx = dahdi_get_index(ast, p, 0);
+ if (idx < 0) {
+ return &ast_null_frame;
+ }
 mysig = p->sig;
 if (p->outsigmod > -1) mysig = p->outsigmod;
@@ -7967,8 +7970,6 @@ static struct ast_frame *dahdi_handle_event(struct ast_channel *ast)
 p->subs[idx].f.data.ptr = NULL;
 f = &p->subs[idx].f;
- if (idx < 0)
- return &p->subs[idx].f;
 if (p->fake_event) {
 res = p->fake_event;
 p->fake_event = 0;
diff --git a/res/res_calendar_ews.c b/res/res_calendar_ews.c
index d33f4be4fb..7deca9c975 100644
--- a/res/res_calendar_ews.c
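Review bot: The new `if (idx < 0)` guard in dahdi_handle_event returns `&ast_null_frame` with neither a comment nor a log line, so the off-nominal case described in the commit message leaves no trace at this site unless dahdi_get_index reports it itself, which is not visible in the hunk. The check removed in the second chan_dahdi.c hunk sat after `p->subs[idx].f.data.ptr = NULL`, so a negative index had already been used for a write outside `p->subs[]`. A comment above the guard such as `/* No sub-channel matches ast: bail out before idx is used to index p->subs[]. */` would keep a later edit from moving code back above it. The guard covers only the lower bound; whether idx can exceed the size of `p->subs[]` depends on dahdi_get_index, which is defined outside this hunk, as are the start and end of the function body.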
+++ b/res/res_calendar_ews.c
@@ -233,7 +233,7 @@ static int startelm(void *userdata, int parent, const char *nspace, const char *
 /* Event UID */
 if (ctx->op == XML_OP_FIND) {
 struct calendar_id *id;
- if (!(id = ast_calloc(1, sizeof(id)))) {
+ if (!(id = ast_calloc(1, sizeof(*id)))) {
 return NE_XML_ABORT;
 }
 if (!(id->id = ast_str_create(256))) {
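Review bot: The failure branch of `ast_str_create(256)` on the last line of this hunk is cut off, so it cannot be confirmed here that `id` is released before the callback aborts; if it is not, the branch should read `ast_free(id);` followed by `return NE_XML_ABORT;`. startelm looks like an XML start-element callback, so these allocations are presumably driven by the parsed server response. That makes both the size passed to `ast_calloc` and the cleanup on error worth checking across the rest of the function. startelm's body starts and ends outside the hunk.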