From e1e389a2ddb7c79581fcecc018d75fab345c0378 Mon Sep 17 00:00:00 2001
From: Andrew Johnson
Date: Fri, 7 Feb 2014 17:19:28 -0600
Subject: [PATCH] Low-memory behaviour fixes.
Fix unchecked buffer allocation in dbChannel.c Replace calls to epicsStrDup() with checked malloc() for things that happen often after iocInit. Michael Davidsaver pointed out this issue.
---
 src/ioc/db/dbChannel.c | 10 +++++++++-
 src/ioc/dbStatic/dbStaticLib.c | 4 +++-
 src/libCom/iocsh/iocsh.cpp | 3 ++-
 3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/src/ioc/db/dbChannel.c b/src/ioc/db/dbChannel.c
index 047c92a1d..998d02005 100644
--- a/src/ioc/db/dbChannel.c
+++ b/src/ioc/db/dbChannel.c
@@ -465,6 +465,7 @@ dbChannel * dbChannelCreate(const char *name)
 const char *pname = name;
 DBENTRY dbEntry;
 dbChannel *chan = NULL;
+ char *cname;
 dbAddr *paddr;
 dbFldDes *pflddes;
 long status;
@@ -478,7 +479,14 @@ dbChannel * dbChannelCreate(const char *name)
 goto finish;
 chan = freeListCalloc(dbChannelFreeList);
- chan->name = epicsStrDup(name);
+ if (!chan)
+ goto finish;
+ cname = malloc(strlen(name) + 1);
+ if (!cname)
+ goto finish;
+
+ strcpy(cname, name);
+ chan->name = cname;
 ellInit(&chan->filters);
 ellInit(&chan->pre_chain);
 ellInit(&chan->post_chain);
diff --git a/src/ioc/dbStatic/dbStaticLib.c b/src/ioc/dbStatic/dbStaticLib.c
index 81edea973..58d0242e1 100644
--- a/src/ioc/dbStatic/dbStaticLib.c
+++ b/src/ioc/dbStatic/dbStaticLib.c
@@ -2113,7 +2113,9 @@ long dbPutString(DBENTRY *pdbentry,const char *pstring)
 return status;
 }
 /* store link text in case DTYP changes later */
- plink->text = epicsStrDup(pstring);
+ plink->text = malloc(strlen(pstring) + 1);
+ if (plink->text)
+ strcpy(plink->text, pstring);
 }
 if (strlen(pstring) >= sizeof(string)) {
 status = S_dbLib_badField;
diff --git a/src/libCom/iocsh/iocsh.cpp b/src/libCom/iocsh/iocsh.cpp
index c1d50d27e..81727696b 100644
--- a/src/libCom/iocsh/iocsh.cpp
+++ b/src/libCom/iocsh/iocsh.cpp
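Review bot: In src/ioc/db/dbChannel.c, the two new `goto finish;` exits in dbChannelCreate do not set `status`, and the `if (!cname)` exit leaves `chan` allocated while `chan->name` is still unset. The `finish` label lies outside the hunk, so the consequence is inferred: if cleanup there only runs for a non-zero `status`, the caller would get back a half-built channel with a NULL name instead of NULL. Recording the failure before the jump, e.g. `if (!cname) { status = S_db_noMemory; goto finish; }` (and the same for `!chan`), makes the out-of-memory path explicit; please also confirm that whatever `finish` calls tolerates a NULL `chan->name`.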
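Review bot: In src/ioc/dbStatic/dbStaticLib.c, dbPutString now carries on with `plink->text == NULL` when malloc fails, and neither sets `status` nor reports anything. The comment says the text is kept in case DTYP changes later, so any reader of `plink->text` outside this hunk has to cope with NULL, which cannot be verified from here. Either return an error status on allocation failure or document the contract at the assignment, e.g. `/* text is NULL if allocation failed; readers must check */`. The assignment also replaces any earlier `plink->text` without a visible free, which is worth checking in the part of the function outside the hunk.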
@@ -284,11 +284,12 @@ cvtArg (const char *filename, int lineno, char *arg, iocshArgBuf *argBuf,
 break;
 case iocshArgPersistentString:
- argBuf->sval = epicsStrDup(arg);
+ argBuf->sval = (char *) malloc(strlen(arg) + 1);
 if (argBuf->sval == NULL) {
 showError(filename, lineno, "Out of memory");
 return 0;
 }
+ strcpy(argBuf->sval, arg);
 break;
 case iocshArgPdbbase:
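Review bot: `strlen(arg)` in the iocshArgPersistentString case runs with no check that `arg` is non-NULL. Whether cvtArg can be reached with a NULL `arg` (for instance for an omitted argument) is decided outside this hunk, so this is a question rather than a confirmed defect, and the replaced `epicsStrDup(arg)` call had the same exposure. A guard ahead of the malloc, `if (arg == NULL) { argBuf->sval = NULL; break; }`, would make the case safe either way. The switch and the rest of cvtArg extend beyond the hunk.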