
Commit 750bf20

authored
Add missing checks for malloc/calloc/CloseHandle (#702)
1 parent c15392a commit 750bf20


2 files changed

+36
-4
lines changed


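--- a/libusb/hid.c
+++ b/libusb/hid.c
@@ -1272,6 +1272,10 @@ hid_device * HID_API_EXPORT hid_open_path(const char *path)
 return NULL;
 
 dev = new_hid_device();
+if (!dev) {
+LOG("hid_open_path failed: Couldn't allocate memory\n");
+return NULL;
+}
 
 libusb_get_device_list(usb_context, &devs);
 while ((usb_dev = devs[d++]) != NULL && !good_open) {
@@ -1343,6 +1347,10 @@ HID_API_EXPORT hid_device * HID_API_CALL hid_libusb_wrap_sys_device(intptr_t sys
 return NULL;
 
 dev = new_hid_device();
+if (!dev) {
+LOG("libusb_wrap_sys_device failed: Couldn't allocate memory\n");
+return NULL;
+}
 
 res = libusb_wrap_sys_device(usb_context, sys_dev, &dev->device_handle);
 if (res < 0) {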
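Review bot: The log text added in hid_libusb_wrap_sys_device (new line 1351) names `libusb_wrap_sys_device`, which is the libusb call on the line after the check and has not run yet when this message is printed. Someone triaging from the log would look for the failure in libusb rather than in the allocation. The sibling message in hid_open_path uses the enclosing function's name, and the same convention here would be `LOG("hid_libusb_wrap_sys_device failed: Couldn't allocate memory\n");`. Both function bodies continue outside the hunks.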

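--- a/windows/hid.c
+++ b/windows/hid.c
@@ -1045,7 +1045,10 @@ HID_API_EXPORT hid_device * HID_API_CALL hid_open_path(const char *path)
 
 end_of_function:
 free(interface_path);
-CloseHandle(device_handle);
+
+if (device_handle != INVALID_HANDLE_VALUE) {
+CloseHandle(device_handle);
+}
 
 if (pp_data) {
 HidD_FreePreparsedData(pp_data);
@@ -1085,8 +1088,15 @@ int HID_API_EXPORT HID_API_CALL hid_write(hid_device *dev, const unsigned char *
 /* The user passed the right number of bytes. Use the buffer as-is. */
 buf = (unsigned char *) data;
 } else {
-if (dev->write_buf == NULL)
+if (dev->write_buf == NULL) {
 dev->write_buf = (unsigned char *) malloc(dev->output_report_length);
+
+if (dev->write_buf == NULL) {
+register_string_error(dev, L"hid_write/malloc");
+goto end_of_function;
+}
+}
+
 buf = dev->write_buf;
 memcpy(buf, data, length);
 memset(buf + length, 0, dev->output_report_length - length);
@@ -1253,8 +1263,15 @@ int HID_API_EXPORT HID_API_CALL hid_send_feature_report(hid_device *dev, const u
 buf = (unsigned char *) data;
 length_to_send = length;
 } else {
-if (dev->feature_buf == NULL)
+if (dev->feature_buf == NULL) {
 dev->feature_buf = (unsigned char *) malloc(dev->feature_report_length);
+
+if (dev->feature_buf == NULL) {
+register_string_error(dev, L"hid_send_feature_report/malloc");
+return -1;
+}
+}
+
 buf = dev->feature_buf;
 memcpy(buf, data, length);
 memset(buf + length, 0, dev->feature_report_length - length);
@@ -1347,8 +1364,15 @@ int HID_API_EXPORT HID_API_CALL hid_send_output_report(hid_device* dev, const un
 buf = (unsigned char *) data;
 length_to_send = length;
 } else {
-if (dev->write_buf == NULL)
+if (dev->write_buf == NULL) {
 dev->write_buf = (unsigned char *) malloc(dev->output_report_length);
+
+if (dev->write_buf == NULL) {
+register_string_error(dev, L"hid_send_output_report/malloc");
+return -1;
+}
+}
+
 buf = dev->write_buf;
 memcpy(buf, data, length);
 memset(buf + length, 0, dev->output_report_length - length);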
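Review bot: The same allocate-then-check block is added three times (hid_write, hid_send_feature_report, hid_send_output_report). `write_buf` is allocated in two of them, and its size expression must stay identical in both for the later `memset(buf + length, 0, dev->output_report_length - length)` to stay in bounds. A small static helper that takes the buffer slot, the size and the error string would keep the slot/size pairing and the failure handling in one place, with hid_write keeping its `goto end_of_function` on a NULL result. The signature of register_string_error is inferred from the calls in these hunks, and all three function bodies continue outside them.

```c
/* Lazily allocate a padding buffer cached on dev; on failure registers the error and returns NULL. */
static unsigned char *get_padded_buf(hid_device *dev, unsigned char **slot, size_t size, const wchar_t *op)
{
	if (*slot == NULL) {
		*slot = (unsigned char *) malloc(size);
		if (*slot == NULL)
			register_string_error(dev, op);
	}
	return *slot;
}

/* … unchanged: hid_send_output_report up to the else branch … */
	buf = get_padded_buf(dev, &dev->write_buf, dev->output_report_length, L"hid_send_output_report/malloc");
	if (buf == NULL)
		return -1;
/* … unchanged: memcpy/memset padding of the short report … */
```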
