Harden list management in pgm.c/config_gram.y

stefanrueger · stefanrueger · commit 3e49f078b3ff · 2022-08-24T00:03:45.000+01:00
diff --git a/src/config_gram.y b/src/config_gram.y
@@ -536,25 +536,22 @@ usb_pid_list:
   TKN_NUMBER {
     {
       /* overwrite pids, so clear the existing entries */
-      ldestroy_cb(current_prog->usbpid, free);
+      if(current_prog->usbpid)
+        ldestroy_cb(current_prog->usbpid, free);
       current_prog->usbpid = lcreat(NULL, 0);
     }
     {
-      int *ip = malloc(sizeof(int));
-      if (ip) {
-        *ip = $1->value.number;
-        ladd(current_prog->usbpid, ip);
-      }
+      int *ip = cfg_malloc("usb_pid_list", sizeof(int));
+      *ip = $1->value.number;
+      ladd(current_prog->usbpid, ip);
       free_token($1);
     }
   } |
   usb_pid_list TKN_COMMA TKN_NUMBER {
     {
-      int *ip = malloc(sizeof(int));
-      if (ip) {
-        *ip = $3->value.number;
-        ladd(current_prog->usbpid, ip);
-      }
+      int *ip = cfg_malloc("usb_pid_list", sizeof(int));
+      *ip = $3->value.number;
+      ladd(current_prog->usbpid, ip);
       free_token($3);
     }
   }
@@ -568,25 +565,22 @@ hvupdi_support_list:
   TKN_NUMBER {
     {
       /* overwrite list entries, so clear the existing entries */
-      ldestroy_cb(current_prog->hvupdi_support, free);
+      if(current_prog->hvupdi_support)
+        ldestroy_cb(current_prog->hvupdi_support, free);
       current_prog->hvupdi_support = lcreat(NULL, 0);
     }
     {
-      int *ip = malloc(sizeof(int));
-      if (ip) {
-        *ip = $1->value.number;
-        ladd(current_prog->hvupdi_support, ip);
-      }
+      int *ip = cfg_malloc("hvupdi_support_list", sizeof(int));
+      *ip = $1->value.number;
+      ladd(current_prog->hvupdi_support, ip);
       free_token($1);
     }
   } |
   hvupdi_support_list TKN_COMMA TKN_NUMBER {
     {
-      int *ip = malloc(sizeof(int));
-      if (ip) {
-        *ip = $3->value.number;
-        ladd(current_prog->hvupdi_support, ip);
-      }
+      int *ip = cfg_malloc("hvupdi_support_list", sizeof(int));
+      *ip = $3->value.number;
+      ladd(current_prog->hvupdi_support, ip);
       free_token($3);
     }
   }
diff --git a/src/pgm.c b/src/pgm.c
@@ -152,12 +152,18 @@ PROGRAMMER *pgm_new(void) {
 
 void pgm_free(PROGRAMMER *p) {
   if(p) {
-    ldestroy_cb(p->id, free);
-    ldestroy_cb(p->usbpid, free);
-    ldestroy_cb(p->hvupdi_support, free);
-    p->id = NULL;
-    p->usbpid = NULL;
-    p->hvupdi_support = NULL;
+    if(p->id) {
+      ldestroy_cb(p->id, free);
+      p->id = NULL;
+    }
+    if(p->usbpid) {
+      ldestroy_cb(p->usbpid, free);
+      p->usbpid = NULL;
+    }
+    if(p->hvupdi_support) {
+      ldestroy_cb(p->hvupdi_support, free);
+      p->hvupdi_support = NULL;
+    }
     // Never free const char *, eg, p->desc, which are set by cache_string()
     // p->cookie is freed by pgm_teardown
     free(p);
@@ -168,22 +174,27 @@ PROGRAMMER *pgm_dup(const PROGRAMMER *src) {
   PROGRAMMER *pgm = pgm_new();
 
   if(src) {
+    ldestroy_cb(pgm->id, free);
+    ldestroy_cb(pgm->usbpid, free);
+    ldestroy_cb(pgm->hvupdi_support, free);
     memcpy(pgm, src, sizeof(*pgm));
     pgm->id = lcreat(NULL, 0);
     pgm->usbpid = lcreat(NULL, 0);
     pgm->hvupdi_support = lcreat(NULL, 0);
 
     // Leave id list empty but copy usbpid and hvupdi_support over
-    for(LNODEID ln = lfirst(src->hvupdi_support); ln; ln = lnext(ln)) {
-      int *ip = cfg_malloc("pgm_dup()", sizeof(int));
-      *ip = *(int *) ldata(ln);
-      ladd(pgm->hvupdi_support, ip);
-    }
-    for(LNODEID ln = lfirst(src->usbpid); ln; ln = lnext(ln)) {
-      int *ip = cfg_malloc("pgm_dup()", sizeof(int));
-      *ip = *(int *) ldata(ln);
-      ladd(pgm->usbpid, ip);
-    }
+    if(src->hvupdi_support)
+      for(LNODEID ln = lfirst(src->hvupdi_support); ln; ln = lnext(ln)) {
+        int *ip = cfg_malloc("pgm_dup()", sizeof(int));
+        *ip = *(int *) ldata(ln);
+        ladd(pgm->hvupdi_support, ip);
+      }
+    if(src->usbpid)
+      for(LNODEID ln = lfirst(src->usbpid); ln; ln = lnext(ln)) {
+        int *ip = cfg_malloc("pgm_dup()", sizeof(int));
+        *ip = *(int *) ldata(ln);
+        ladd(pgm->usbpid, ip);
+      }
   }
 
   return pgm;

Original file line number	Diff line number	Diff line change
`@@ -536,25 +536,22 @@ usb_pid_list:`
`536`	`536`	`TKN_NUMBER {`
`537`	`537`	`{`
`538`	`538`	`/* overwrite pids, so clear the existing entries */`
`539`		`- ldestroy_cb(current_prog->usbpid, free);`
	`539`	`+ if(current_prog->usbpid)`
	`540`	`+ ldestroy_cb(current_prog->usbpid, free);`
`540`	`541`	`current_prog->usbpid = lcreat(NULL, 0);`
`541`	`542`	`}`
`542`	`543`	`{`
`543`		`- int *ip = malloc(sizeof(int));`
`544`		`- if (ip) {`
`545`		`- *ip = $1->value.number;`
`546`		`- ladd(current_prog->usbpid, ip);`
`547`		`- }`
	`544`	`+ int *ip = cfg_malloc("usb_pid_list", sizeof(int));`
	`545`	`+ *ip = $1->value.number;`
	`546`	`+ ladd(current_prog->usbpid, ip);`
`548`	`547`	`free_token($1);`
`549`	`548`	`}`
`550`	`549`	`} \|`
`551`	`550`	`usb_pid_list TKN_COMMA TKN_NUMBER {`
`552`	`551`	`{`
`553`		`- int *ip = malloc(sizeof(int));`
`554`		`- if (ip) {`
`555`		`- *ip = $3->value.number;`
`556`		`- ladd(current_prog->usbpid, ip);`
`557`		`- }`
	`552`	`+ int *ip = cfg_malloc("usb_pid_list", sizeof(int));`
	`553`	`+ *ip = $3->value.number;`
	`554`	`+ ladd(current_prog->usbpid, ip);`
`558`	`555`	`free_token($3);`
`559`	`556`	`}`
`560`	`557`	`}`
`@@ -568,25 +565,22 @@ hvupdi_support_list:`
`568`	`565`	`TKN_NUMBER {`
`569`	`566`	`{`
`570`	`567`	`/* overwrite list entries, so clear the existing entries */`
`571`		`- ldestroy_cb(current_prog->hvupdi_support, free);`
	`568`	`+ if(current_prog->hvupdi_support)`
	`569`	`+ ldestroy_cb(current_prog->hvupdi_support, free);`
`572`	`570`	`current_prog->hvupdi_support = lcreat(NULL, 0);`
`573`	`571`	`}`
`574`	`572`	`{`
`575`		`- int *ip = malloc(sizeof(int));`
`576`		`- if (ip) {`
`577`		`- *ip = $1->value.number;`
`578`		`- ladd(current_prog->hvupdi_support, ip);`
`579`		`- }`
	`573`	`+ int *ip = cfg_malloc("hvupdi_support_list", sizeof(int));`
	`574`	`+ *ip = $1->value.number;`
	`575`	`+ ladd(current_prog->hvupdi_support, ip);`
`580`	`576`	`free_token($1);`
`581`	`577`	`}`
`582`	`578`	`} \|`
`583`	`579`	`hvupdi_support_list TKN_COMMA TKN_NUMBER {`
`584`	`580`	`{`
`585`		`- int *ip = malloc(sizeof(int));`
`586`		`- if (ip) {`
`587`		`- *ip = $3->value.number;`
`588`		`- ladd(current_prog->hvupdi_support, ip);`
`589`		`- }`
	`581`	`+ int *ip = cfg_malloc("hvupdi_support_list", sizeof(int));`
	`582`	`+ *ip = $3->value.number;`
	`583`	`+ ladd(current_prog->hvupdi_support, ip);`
`590`	`584`	`free_token($3);`
`591`	`585`	`}`
`592`	`586`	`}`