Fix null pointer dereference, resource reak, and error handling problems

Signed-off-by: Taeyoung Kim <ty317.kim@samsung.com>

diff --git a/src/um_customize.c b/src/um_customize.c
index 2a28380..2cc56a2 100644 (file)
--- a/src/um_customize.c
+++ b/src/um_customize.c
@@ -540,14 +540,30 @@ int get_default_usb_device(UmMainData *ad)
        FILE *fp;
        int ret;
        char buf[BUF_MAX];
-       UsbInterface devIf;
+       UsbInterface *devIf;
 
+       devIf = (UsbInterface *)malloc(sizeof(UsbInterface));
+       if (!devIf) {
+               USB_LOG("FAIL: malloc()");
+               return -1;
+       }
+
+       memset(devIf, 0, sizeof(UsbInterface));
+
+       /* The file does not exist if default usb device does not exist */
        ret = access("/tmp/usb_default", F_OK);
-       /*  The file does not exist if default usb device does not exist */
-       um_retvm_if(ret < 0, 0, "usb_default file does not exist.");
+       if(ret < 0) {
+               USB_LOG("usb_default file does not exist.");
+               FREE(devIf);
+               return 0;
+       }
 
        fp = fopen("/tmp/usb_default", "r");
-       um_retvm_if(!fp, -1, "FAIL: fopen()");
+       if (!fp) {
+               USB_LOG("FAIL: fopen()");
+               FREE(devIf);
+               return -1;
+       }
 
        while(fgets(buf, sizeof(buf), fp)) {
                USB_LOG("BUF: %s", buf);
@@ -556,18 +572,18 @@ int get_default_usb_device(UmMainData *ad)
        /* 'I' means interface descriptor which has information of class, subclass, and protocol */
        /* 'T' means Topology of devices which has information of bus number and device address */
                if (*buf == 'I') {
-                       get_device_info_from_device_desc(buf, &devIf);
-                       USB_LOG("interface number: %d, class: %d", devIf.ifNumber, devIf.ifClass);
-                       USB_LOG("subclass: %d, protocol: %d", devIf.ifSubClass, devIf.ifProtocol);
+                       get_device_info_from_device_desc(buf, devIf);
+                       USB_LOG("interface number: %d, class: %d", devIf->ifNumber, devIf->ifClass);
+                       USB_LOG("subclass: %d, protocol: %d", devIf->ifSubClass, devIf->ifProtocol);
 
                } else if (*buf == 'T') {
-                       get_device_info_from_topology_desc(buf, &devIf);
-                       USB_LOG("bus: %d, devaddress: %d", devIf.ifBus, devIf.ifAddress);
+                       get_device_info_from_topology_desc(buf, devIf);
+                       USB_LOG("bus: %d, devaddress: %d", devIf->ifBus, devIf->ifAddress);
                        continue;
 
                } else if (*buf == 'P') {
-                       get_device_info_from_product_desc(buf, &devIf);
-                       USB_LOG("vendor: %d, product: %d", devIf.ifIdVendor, devIf.ifIdProduct);
+                       get_device_info_from_product_desc(buf, devIf);
+                       USB_LOG("vendor: %d, product: %d", devIf->ifIdVendor, devIf->ifIdProduct);
                        continue;
 
                } else {
@@ -575,12 +591,13 @@ int get_default_usb_device(UmMainData *ad)
                        continue;
                }
 
-               ret = store_default_device_info(ad, &devIf);
+               ret = store_default_device_info(ad, devIf);
                if (ret < 0) {
                        USB_LOG("FAIL: store_default_device_info()");
                }
        }
 
+       FREE(devIf);
        fclose(fp);
        USB_LOG("Number of default devices: %d", g_list_length(ad->defaultDevList));
 

diff --git a/src/um_usb_host_manager.c b/src/um_usb_host_manager.c
index 3838479..391a405 100644 (file)
--- a/src/um_usb_host_manager.c
+++ b/src/um_usb_host_manager.c
@@ -128,6 +128,7 @@ static int get_ifs_from_device(libusb_device *device, GList **ifList)
                        USB_LOG("FAIL: malloc()");
                        libusb_free_config_descriptor(config);
                        g_list_free(*ifList);
+                       return -1;
                }
 
                devIf->ifClass = descIf->bInterfaceClass;
@@ -467,6 +468,7 @@ static Eina_Bool um_add_usb_host_device(void *data)
                ret = retrieve_interface_info(list[i], &ifList);
                if (ret < 0) {
                        USB_LOG("FAIL: retrieve_interface_info()");
+                       libusb_free_device_list(list, 1);
                        return -1;
                }
 

diff --git a/src/um_usb_uevent_handler.c b/src/um_usb_uevent_handler.c
index 7d30234..2c56b54 100644 (file)
--- a/src/um_usb_uevent_handler.c
+++ b/src/um_usb_uevent_handler.c
@@ -229,6 +229,7 @@ static int um_uevent_control_subsystem_misc(UmMainData *ad, struct udev_list_ent
        ret = um_event_control_get_value_by_name(list_entry, UDEV_ENTRY_NAME_ACCESSORY, &accessory);
        if (ret < 0 || !accessory) {
                USB_LOG("FAIL: um_event_control_get_value_by_name()");
+               FREE(action);
                FREE(accessory);
                return -1;
        }