diff --git a/libr/anal/dwarf_process.c b/libr/anal/dwarf_process.c index 65dec6780abf5..c9d1ad9ca2ebe 100644 --- a/libr/anal/dwarf_process.c +++ b/libr/anal/dwarf_process.c @@ -272,6 +272,10 @@ static st32 parse_type(Context *ctx, const ut64 offset, RStrBuf *strbuf, ut64 *s } if (visited && set_u_contains (*visited, offset)) { R_LOG_WARN ("anal.dwarf.parse_type: infinite recursion detected"); + if (root) { + set_u_free (*visited); + free (visited); + } return -1; } set_u_add (*visited, offset); @@ -483,6 +487,7 @@ static RAnalEnumCase *parse_enumerator(Context *ctx, ut64 idx, RAnalEnumCase *re RBinDwarfAttrValue *value = &die->attr_values[i]; switch (die->attr_values[i].attr_name) { case DW_AT_name: + free (name); name = get_die_name (die); if (!name) { goto cleanup; @@ -497,7 +502,10 @@ static RAnalEnumCase *parse_enumerator(Context *ctx, ut64 idx, RAnalEnumCase *re } } - result->name = name; + if (result->name != name) { + free (result->name); + result->name = name; + } result->val = (int)val; return result; cleanup: @@ -616,7 +624,7 @@ static void parse_enum_type(Context *ctx, ut64 idx) { base_type->type = r_strbuf_drain_nofree (&strbuf); } - RAnalEnumCase cas; + RAnalEnumCase cas = {0}; if (die->has_children) { int child_depth = 1; // Direct children of the node size_t j; @@ -634,6 +642,7 @@ static void parse_enum_type(Context *ctx, ut64 idx) { enum_type_case_free (result, NULL); goto cleanup; } + cas.name = NULL; } if (child_die->has_children) { child_depth++; diff --git a/libr/anal/sign.c b/libr/anal/sign.c index 2407ff81f3e26..ef1d6379f2b0a 100644 --- a/libr/anal/sign.c +++ b/libr/anal/sign.c @@ -1332,6 +1332,8 @@ static double matchBytes(RSignItem *a, RSignItem *b) { } if (a->bytes->mask) { memcpy (combined_mask, a->bytes->mask, min_size); + } else { + memset (combined_mask, 0xff, min_size); } if (b->bytes->mask) { int i; diff --git a/libr/arch/p/arm/armass64.c b/libr/arch/p/arm/armass64.c index b40e8658e0772..b65a192f48718 100644 
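Review bot: The recursion guard in parse_type now releases `*visited` and `visited` on the root path, but any other early `return -1` that follows `set_u_add (*visited, offset)` in the rest of the function (outside the hunk) presumably needs the same teardown, so a single cleanup label would be safer than repeating the pair at each exit. The root/non-root ownership split is not obvious from this one exit; a comment at the added block, e.g. `// only the root call owns the visited set: release it before bailing out`, would record it. parse_type continues beyond the hunk.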
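Review bot: The `free (name)` added in the DW_AT_name case of parse_enumerator, together with the `result->name != name` test in the following hunk (@@ -497), implies that `name` may alias `result->name` on entry; if `name` is initialised from `result->name` (the declarations are above the hunk, outside the view), a DIE carrying DW_AT_name frees `result->name` here and the trailing `free (result->name)` then double-frees it. If `name` always starts as NULL that aliasing cannot happen and the comparison is merely defensive. Either way the ownership rule deserves a comment at the assignment, e.g. `// result takes ownership of name; a previous result->name is released`.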
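Review bot: `cas.name = NULL` after the successful push in parse_enum_type is an ownership handoff to the enum's case list, and it is what makes the `= {0}` initialiser in the earlier hunk (@@ -616) necessary on the first iteration; without a comment the next reader will see a freshly NULLed field and suspect a leak, so add e.g. `// ownership of cas.name moved into the enum's case list`. On the failure path just above, `enum_type_case_free (result, NULL)` runs before `goto cleanup`, so `cas.name` should not be released twice there, assuming that helper frees the name — its body is not in view.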
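Review bot: The new `memset (combined_mask, 0xff, min_size)` in matchBytes changes matching semantics rather than only plugging a leak: when `a` carries no mask every byte of `a` is now significant, whereas before the buffer's initial contents (allocated above the hunk, possibly zeroed) decided. That is the right default if the following loop ANDs `b->bytes->mask` into `combined_mask`, but it should be stated, e.g. `// no mask on a: all bytes significant; b's mask (if any) narrows it below`. matchBytes continues outside the hunk.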
--- a/libr/arch/p/arm/armass64.c +++ b/libr/arch/p/arm/armass64.c @@ -1618,7 +1618,7 @@ static bool parseOperands(char *str, ArmOp *op) { int mem_opt = 0; int msr_op_index = 0; size_t index_bound = strcspn (t, "]"); - if (!token) { + if (!t) { return false; } @@ -1634,6 +1634,7 @@ static bool parseOperands(char *str, ArmOp *op) { } if (operand >= MAX_OPERANDS) { R_LOG_ERROR ("Too many operands"); + free (t); return false; } op->operands[operand].type = ARM_NOTYPE; @@ -1723,6 +1724,7 @@ static bool parseOperands(char *str, ArmOp *op) { token++; } if (!*token || !isdigit ((unsigned char)*token)) { + free (t); return false; } op->operands[operand].shift_amount = r_num_math (NULL, token); @@ -1748,6 +1750,7 @@ static bool parseOperands(char *str, ArmOp *op) { } if (!*token || !isdigit ((unsigned char)*token)) { if (present) { + free (t); return false; } op->operands[operand].shift_amount = 0; diff --git a/libr/arch/p/cosmac/pseudo.c b/libr/arch/p/cosmac/pseudo.c index 82f7fa38bc4f5..cf8d46c6d13bb 100644 --- a/libr/arch/p/cosmac/pseudo.c +++ b/libr/arch/p/cosmac/pseudo.c @@ -94,6 +94,7 @@ static char *parse(RAsmPluginSession *aps, const char *data) { #endif const char *op0 = buf; if (!strcmp (op0, "ret") || !strcmp (op0, "sret")) { + free (buf); return strdup ("return r0"); } char *str = malloc (strlen (data) + 128); diff --git a/libr/arch/p/x86_nz/pseudo.c b/libr/arch/p/x86_nz/pseudo.c index 8dd14076f3333..93ac176ec83ad 100644 --- a/libr/arch/p/x86_nz/pseudo.c +++ b/libr/arch/p/x86_nz/pseudo.c @@ -192,6 +192,7 @@ static char *parse(RAsmPluginSession *aps, const char *data) { *w0 = *w1 = *w2 = *w3 = '\0'; if (strchr (data, '(')) { // avoid double-pseudo calls + free (buf); return NULL; } char *str = NULL; @@ -378,7 +379,7 @@ static char *patch(RAsmPluginSession *aps, RAnalOp *aop, const char *op) { R_LOG_ERROR ("Cant fit a nop in here"); return false; } - char *hcmd = malloc ((size * 2) + 5); + hcmd = malloc ((size * 2) + 5); if (!hcmd) { return false; } 
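Review bot: `size_t index_bound = strcspn (t, "]");` is evaluated before the corrected `if (!t)` guard in parseOperands, so the NULL check still comes after the first dereference of `t`; move the guard above that line (`if (!t) { return false; }` first, then `size_t index_bound = strcspn (t, "]");`). The original `token` test never protected `t` either, so the fix is welcome but incomplete as placed. `t` is allocated above the hunk, outside the view.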
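Review bot: The three `free (t)` insertions (this hunk and @@ -1723, @@ -1748) release `t` on individual failure returns, but parseOperands is a long function with further `return false` paths outside these hunks that may still leak it; a single `fail:` label that frees `t` and returns false would cover them all and keep future exits honest. Hedged: the remainder of the function is not in view.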
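Review bot: `free (buf)` before `return strdup ("return r0")` fixes this exit of the cosmac parse, but the `malloc (strlen (data) + 128)` on the next line has its own failure return and the later success path must also release `buf`; both are outside the hunk and worth checking. The `#endif` just above suggests `buf` is produced under a conditional path, so a comment naming who owns it here, e.g. `// buf is owned by this function: release it on every return`, would help.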
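Review bot: The `strchr (data, '(')` test in the x86_nz parse depends only on `data`, not on `buf`, so it could be moved above the allocation of `buf` (which is outside the hunk) and the added `free (buf)` would not be needed; as written the function allocates and immediately discards on the double-pseudo path. If `buf` must exist first for another reason, a short comment saying so would stop the next reader from reordering it.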
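Review bot: In patch (@@ -378) the assignment now reuses the outer `hcmd`, fixing the shadowed declaration, but the surrounding failure exits still `return false` from a function declared `static char *patch(...)`; that relies on `false` converting to a null pointer and should read `return NULL;`. Also check whether the outer `hcmd` already holds an allocation before this reassignment (its earlier use is outside the hunk) — if so it needs a `free (hcmd)` first, otherwise the shadowing fix turns a leak into an overwrite.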
diff --git a/libr/asm/parse.c b/libr/asm/parse.c index 44baeab315bcf..e7776eee0f800 100644 --- a/libr/asm/parse.c +++ b/libr/asm/parse.c @@ -101,7 +101,9 @@ R_API char *r_asm_parse_immbase(RAsm *a, const char *_opstr, int base) { } } r_strbuf_append (sb, last); - return r_strbuf_drain (sb); + char *result = r_strbuf_drain (sb); + free (opstr); + return result; } // TODO : make them internal? diff --git a/libr/bin/format/elf/elf.c b/libr/bin/format/elf/elf.c index 9db89532c278f..ba11654cd6ef5 100644 --- a/libr/bin/format/elf/elf.c +++ b/libr/bin/format/elf/elf.c @@ -5054,6 +5054,7 @@ static RVecRBinElfSymbol *_load_additional_imported_symbols(ELFOBJ *eo, ImportIn if (symbol->is_imported) { if (limit > 0 && count++ > limit) { R_LOG_WARN ("eo.limit reached for imports"); + free (isym); break; } RVecRBinElfSymbol_push_back (imports, symbol); diff --git a/libr/bin/format/mach0/mach0.c b/libr/bin/format/mach0/mach0.c index 2a09642604547..9d7d1465ba04a 100644 --- a/libr/bin/format/mach0/mach0.c +++ b/libr/bin/format/mach0/mach0.c @@ -3099,13 +3099,14 @@ static void parse_symbols(RBinFile *bf, struct MACH0_(obj_t) *mo, HtPP *symcache sym->name = r_bin_name_new (symbol.name); } else { char *name = r_str_newf ("entry%u", (ut32)i); - sym->name = r_bin_name_new (symbol.name); + sym->name = r_bin_name_new (name); free (name); } sym->type = symbol.type == R_BIN_MACH0_SYMBOL_TYPE_LOCAL? "LOCAL": "EXT"; sym->is_imported = symbol.is_imported; sym->ordinal = ordinal++; _enrich_symbol (bf, mo, symcache, sym); + free (symbol.name); } } diff --git a/libr/bin/format/objc/mach0_classes.c b/libr/bin/format/objc/mach0_classes.c index ea3c0e7f1b17b..c1f70229f5c14 100644 --- a/libr/bin/format/objc/mach0_classes.c +++ b/libr/bin/format/objc/mach0_classes.c 
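Review bot: The drain/free/return sequence fixes the success path of r_asm_parse_immbase, but `opstr` (a copy made earlier in the function, outside the hunk) is equally leaked by any early `return` between its creation and this point; consider freeing it at every exit or funnelling through one exit. Since the function returns a heap string, a comment such as `// caller owns the returned string; opstr was our scratch copy` would make the two ownerships explicit.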
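Review bot: `free (isym)` is added only on the limit-reached `break` in _load_additional_imported_symbols; if `isym` is the per-iteration allocation from which `symbol` is taken (its origin is above the hunk), the non-imported path and the normal end of each iteration need the same release, otherwise this fixes one of several exits. Hedged: if RVecRBinElfSymbol_push_back copies `symbol` by value, `isym` is never owned by the vector and must be freed after every iteration, not just here. As an aside, `count++ > limit` admits limit+1 imports before the warning fires; if intentional, a comment would help.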
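Review bot: The unconditional `free (symbol.name)` at the end of the loop body in parse_symbols is only correct if every path that fills `symbol` heap-allocates `name` (its producer is above the hunk); if any path leaves it pointing into the string table this becomes an invalid free, and it also does not run for any `continue` earlier in the body. It further assumes r_bin_name_new copies its argument, otherwise `sym->name` dangles after this free. A comment at the free, e.g. `// symbol.name is a heap copy made by the reader; r_bin_name_new copied it`, would record both assumptions. The `r_bin_name_new (name)` correction is clearly right.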
@@ -331,9 +331,6 @@ static void get_ivar_list(RBinFile *bf, RBinClass *klass, mach0_ut p) { return; } field = R_NEW0 (RBinField); - if (!field) { - break; - } memset (&i, '\0', sizeof (struct MACH0_(SIVar))); if (r + left < r || r + sizeof (struct MACH0_(SIVar)) < r) { goto error; @@ -452,6 +449,8 @@ static void get_ivar_list(RBinFile *bf, RBinClass *klass, mach0_ut p) { field = NULL; } else { R_LOG_WARN ("field name is empty"); + r_bin_field_free (field); + field = NULL; } } else { R_LOG_DEBUG ("va2pa error"); @@ -462,16 +461,14 @@ static void get_ivar_list(RBinFile *bf, RBinClass *klass, mach0_ut p) { } r_list_sort (klass->fields, sort_by_offset); RBinField *isa = R_NEW0 (RBinField); - if (isa) { - isa->name = r_bin_name_new ("isa"); - isa->size = sizeof (mach0_ut); - isa->type = r_bin_name_new ("struct objc_class *"); - // TODO r_bin_name_demangled (isa->type, "ObjC.Class*"); - isa->kind = R_BIN_FIELD_KIND_VARIABLE; - isa->vaddr = 0; - isa->offset = 0; - r_list_prepend (klass->fields, isa); - } + isa->name = r_bin_name_new ("isa"); + isa->size = sizeof (mach0_ut); + isa->type = r_bin_name_new ("struct objc_class *"); + // TODO r_bin_name_demangled (isa->type, "ObjC.Class*"); + isa->kind = R_BIN_FIELD_KIND_VARIABLE; + isa->vaddr = 0; + isa->offset = 0; + r_list_prepend (klass->fields, isa); return; error: r_bin_field_free (field); @@ -530,10 +527,7 @@ static void get_objc_property_list(RBinFile *bf, RBinClass *klass, mach0_ut p) { return; } - if (!(property = R_NEW0 (RBinField))) { - // retain just for debug - return; - } + property = R_NEW0 (RBinField); memset (&op, '\0', sizeof (struct MACH0_(SObjcProperty))); @@ -767,10 +761,6 @@ static void get_method_list(RBinFile *bf, RBinClass *klass, const char *class_na } method = R_NEW0 (RBinSymbol); - if (!method) { - // retain just for debug - return; - } struct MACH0_(SMethod) m = {0}; if (r + left < r || r + read_size < r) { goto error; 
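Review bot: Dropping the NULL checks after `R_NEW0 (RBinField)` here and in the hunks for get_objc_property_list (@@ -530), get_method_list (@@ -767) and the Swift parse_type (@@ -1659, on the following line) is only sound if R_NEW0 is guaranteed never to return NULL (for instance by aborting on allocation failure); if it still wraps calloc, `isa->name = r_bin_name_new ("isa")` in the @@ -462 hunk dereferences NULL on OOM. A one-line comment at the first removal, e.g. `// R_NEW0 never returns NULL (aborts on OOM), so no check is needed`, would make the contract explicit and stop the checks from being re-added.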
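Review bot: Both branches of the inner `if/else` at @@ -452 now end in `field = NULL`, so the reset can be hoisted after the conditional; minor, but it makes the ownership reset unconditional. The outer `else` that logs `"va2pa error"` does not appear to release `field` either — its remainder is outside the hunk, so please confirm it reaches the `error:` cleanup or frees `field` itself.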
@@ -1659,9 +1649,6 @@ static void parse_type(RBinFile *bf, RList *list, SwiftType st, HtUP *symbols_ht break; } RBinField *field = R_NEW0 (RBinField); - if (!field) { - break; - } ut64 field_name_addr = st.fieldmd.addr + (d * 4) + st.fieldmd_data[d]; ut64 field_type_addr = st.fieldmd.addr + (d * 4) + st.fieldmd_data[d - 1] - 4; ut64 field_method_addr = field_name_addr; diff --git a/libr/bin/mangling/cxx/cp-demangle.c b/libr/bin/mangling/cxx/cp-demangle.c index a1c739bf44699..629548b3168f1 100644 --- a/libr/bin/mangling/cxx/cp-demangle.c +++ b/libr/bin/mangling/cxx/cp-demangle.c @@ -4674,6 +4674,7 @@ d_print_comp_inner (struct d_print_info *dpi, int options, struct d_print_mod adpm[4]; unsigned int i; struct d_print_template dpt; + int is_template; /* Pass the name down to the type so that it can be printed in the right place for the type. We also have to pass down @@ -4747,7 +4748,8 @@ d_print_comp_inner (struct d_print_info *dpi, int options, /* If typed_name is a template, then it applies to the function type as well. */ - if (typed_name->type == DEMANGLE_COMPONENT_TEMPLATE) + is_template = typed_name->type == DEMANGLE_COMPONENT_TEMPLATE; + if (is_template) { dpt.next = dpi->templates; dpi->templates = &dpt; @@ -4756,7 +4758,7 @@ d_print_comp_inner (struct d_print_info *dpi, int options, d_print_comp (dpi, options, d_right (dc)); - if (typed_name->type == DEMANGLE_COMPONENT_TEMPLATE) + if (is_template) dpi->templates = dpt.next; /* If the modifiers didn't get printed by the type, print them diff --git a/libr/bin/mangling/objc.c b/libr/bin/mangling/objc.c index 4254b08153bbd..fa027601f66d5 100644 --- a/libr/bin/mangling/objc.c +++ b/libr/bin/mangling/objc.c 
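Review bot: Caching `is_template` before the `d_print_comp (dpi, options, d_right (dc))` call needs a comment saying why — presumably because that call can change `typed_name` (or what it points to), so the second `typed_name->type` test no longer matched the first and `dpi->templates` could be left pointing at the stack-local `dpt` after return; the mechanism is not visible in the hunk. Suggest `/* Remember whether typed_name was a template: printing d_right (dc) may change typed_name, and dpi->templates must be unlinked exactly when it was linked. */` at the assignment. Declaring `int is_template;` at the top of the block keeps the file's C89 declaration style.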
@@ -79,17 +79,14 @@ R_API char *r_bin_demangle_objc(RBinFile *bf, const char *sym) { } if (sym[0] == '_' && sym[1] && sym[2] == '_') { // gnu style free (clas); + free (name); clas = strdup (sym + 3); args = strstr (clas, "__"); if (!args) { free (clas); - if (name != clas) { - free (name); - } return NULL; } *args = 0; - free (name); name = strdup (args + 2); if (!name) { free (clas); diff --git a/libr/bin/p/bin_dyldcache.c b/libr/bin/p/bin_dyldcache.c index 565c0d9ac58ea..efcc03558c27d 100644 --- a/libr/bin/p/bin_dyldcache.c +++ b/libr/bin/p/bin_dyldcache.c @@ -598,6 +598,7 @@ static void create_cache_bins(RBinFile *bf, RDyldCache *cache) { if (cache->images_are_global) { img = read_cache_images (cache->buf, cache->hdr, 0); if (!img) { + free (deps); return; } } diff --git a/libr/core/cmd.c b/libr/core/cmd.c index d96cb54c0b1a7..014bca055543b 100644 --- a/libr/core/cmd.c +++ b/libr/core/cmd.c @@ -1034,6 +1034,7 @@ static void cmd_remote(RCore *core, const char *input, bool retry) { const size_t buf_size = 1024; char *buf = calloc (buf_size, 1); if (!buf) { + free (host); return; } void *bed = r_cons_sleep_begin (core->cons); @@ -4970,6 +4971,7 @@ repeat:; if (R_STR_ISNOTEMPTY (n)) { ut64 v = r_num_math (core->num, n); if (core->num->nc.errors == 0) { + free (k); r_core_seek (core, v, true); cmd_tmpseek = core->tmpseek = true; goto fuji; diff --git a/libr/core/vslides.c b/libr/core/vslides.c index 3b49dea76631e..62414d21c9db0 100644 --- a/libr/core/vslides.c +++ b/libr/core/vslides.c @@ -124,14 +124,15 @@ static void render(SlidesState *state, RCore *core, RList *list, int mode, int p char *prefix = r_str_pad (NULL, 0, ' ', w); char *no = r_str_prefix_all (o2, prefix); free (prefix); - free (o); free (o2); + free (o); o = no; r_cons_print (cons, o); } else { char *no = r_str_ansi_crop (o, sx, sy, w, h); r_cons_print (cons, no); free (no); + o = NULL; } free (o); } 
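Review bot: `clas = strdup (sym + 3)` is passed straight to `strstr` without a NULL check in r_bin_demangle_objc, so an allocation failure is a NULL dereference; since `name` has already been freed on this path, a guard `if (!clas) { return NULL; }` before the `strstr` is sufficient. Moving `free (name)` up is correct, but `name` then holds a dangling pointer until `strdup (args + 2)` reassigns it; writing `name = NULL` at the free would keep later error paths from touching it if the code is rearranged again.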
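Review bot: `free (k)` now runs before `goto fuji` in the @@ -4970 hunk of cmd.c, so nothing after the `fuji:` label may touch `k` — nor `n`, which looks like it could point into `k`'s buffer (both are set above the hunk, outside the view); if either is read after the label this is a use-after-free. If the label does not use them, a comment at the free, e.g. `// k (and n, if it points into k) are dead from here`, would record that invariant.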
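Review bot: `o = NULL` in the else branch of render means the trailing `free (o)` no longer releases the original `o` on that path, while the if branch frees it explicitly; if `o` is heap-owned on both paths this introduces a leak rather than fixing one, and if it is borrowed on the else path only, a comment there, e.g. `// o is not ours here; only the cropped copy is freed`, is needed to explain the asymmetry. Swapping `free (o)` and `free (o2)` in the if branch is harmless as long as `no` does not reference either buffer after r_str_prefix_all returns.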
diff --git a/libr/debug/p/native/linux/linux_debug.c b/libr/debug/p/native/linux/linux_debug.c index 41f4d51f6d497..27bdf090ec946 100644 --- a/libr/debug/p/native/linux/linux_debug.c +++ b/libr/debug/p/native/linux/linux_debug.c @@ -854,6 +854,8 @@ RList *linux_pid_list(int pid, RList *list) { // Unless pid 0 is requested, only add the requested pid and it's child processes if (0 == pid || i == pid || pid_info->ppid == pid) { r_list_append (list, pid_info); + } else { + r_debug_pid_free (pid_info); } } closedir (dh); diff --git a/libr/flag/flag.c b/libr/flag/flag.c index da19f060af403..8f3f511411e24 100644 --- a/libr/flag/flag.c +++ b/libr/flag/flag.c @@ -830,6 +830,7 @@ R_API RFlagItem *r_flag_set(RFlag *f, const char *name, ut64 addr, ut32 size) { // this should never happen because the name is filtered before.. if (!r_name_check (itemname)) { R_LOG_ERROR ("Invalid flag name '%s'", name); + free (itemname); return NULL; } diff --git a/libr/io/io_cache.c b/libr/io/io_cache.c index 5befa77aad5ee..456ac94821bb7 100644 --- a/libr/io/io_cache.c +++ b/libr/io/io_cache.c @@ -4,9 +4,10 @@ static int _ci_start_cmp_cb(void *incoming, void *in, void *user) { RIOCacheItem *incoming_ci = (RIOCacheItem *)incoming, *in_ci = (RIOCacheItem *)in; - if (R_UNLIKELY (!in_ci->tree_itv)) { + if (R_UNLIKELY (!in_ci->tree_itv || !incoming_ci->tree_itv)) { R_LOG_ERROR ("io cache tree corrupted"); r_sys_backtrace (); + return 0; } if (incoming_ci->tree_itv->addr < in_ci->tree_itv->addr) { return -1; @@ -309,6 +310,7 @@ R_API int r_io_cache_invalidate(RIO *io, ut64 from, ut64 to, bool many) { ci->data = cidata; } else { R_LOG_WARN ("first realloc failed"); + _io_cache_item_free (_ci); continue; } ut8 *ciodata = realloc (ci->odata, (size_t)r_itv_size (ci->itv)); @@ -316,6 +318,7 @@ R_API int r_io_cache_invalidate(RIO *io, ut64 from, ut64 to, bool many) { ci->odata = ciodata; } else { R_LOG_WARN ("second realloc failed"); + _io_cache_item_free (_ci); continue; } if (ci->tree_itv) { 
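Review bot: Returning 0 from _ci_start_cmp_cb after logging corruption makes the broken item compare equal to whatever node it is matched against, which is safer than the previous NULL dereference but lets an inconsistent tree silently absorb or shadow entries; a comment at the `return 0;`, e.g. `// corrupted entry: report equal so the caller never dereferences a missing interval`, should mark it as a non-crash fallback. The realloc-failure hunks (@@ -309, @@ -316) free `_ci` and `continue`; that is only safe if `_ci` has not yet been inserted into the tree or list at that point — its construction is above the hunk, so please confirm, otherwise the next lookup reads freed memory.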
diff --git a/libr/main/radare2.c b/libr/main/radare2.c index ac34e5ab56877..60f3b42201a3d 100644 --- a/libr/main/radare2.c +++ b/libr/main/radare2.c @@ -386,6 +386,8 @@ static int main_print_var(const char *var_name) { free (rcfile); free (incdir); free (libdir); + free (bindir); + free (mandir); free (confighome); free (historyhome); free (datahome); diff --git a/libr/socket/socket_http_server.c b/libr/socket/socket_http_server.c index f1e50e03c8a71..1f0e231856af1 100644 --- a/libr/socket/socket_http_server.c +++ b/libr/socket/socket_http_server.c @@ -104,6 +104,7 @@ R_API RSocketHTTPRequest *r_socket_http_accept(RSocket *s, RSocketHTTPOptions *s if (content_length >= ST32_MAX) { r_socket_http_close (hr); r_socket_free (hr->s); + free (hr); R_LOG_ERROR ("Could not allocate hr data"); return NULL; } diff --git a/libr/util/asn1.c b/libr/util/asn1.c index 99460b7551cfd..d7107cf9eb2e2 100644 --- a/libr/util/asn1.c +++ b/libr/util/asn1.c @@ -143,6 +143,7 @@ R_API RASN1Object *r_asn1_object_parse(const ut8 *buffer_base, const ut8 *buffer } ut32 count = asn1_count_objects (object->sector, object->length); if (count == -1) { + free (object); return NULL; } if (count > 0) { @@ -181,6 +182,7 @@ R_API RAsn1 *r_asn1_new(const ut8 *buffer, int length, int fmtmode) { } a->root = r_asn1_object_parse (buffer, buffer, length, fmtmode); if (a->root == NULL) { + r_asn1_free (a); return NULL; } if (fmtmode == 'j') { diff --git a/libr/util/charset.c b/libr/util/charset.c index be8f77772f4ff..7831a68578dba 100644 --- a/libr/util/charset.c +++ b/libr/util/charset.c @@ -215,6 +215,7 @@ R_API size_t r_charset_encode_str(RCharset *rc, ut8 *out, size_t out_len, const if (res) { size_t reslen = strlen (res); if (reslen >= o_end - o) { + free (res); break; } fine = true; diff --git a/libr/util/print.c b/libr/util/print.c index 444a4af154ea2..c3595de773762 100644 --- a/libr/util/print.c +++ b/libr/util/print.c 
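Review bot: The new `free (hr)` in r_socket_http_accept follows `r_socket_http_close (hr)` and `r_socket_free (hr->s)`; if r_socket_http_close already releases `hr->s` or `hr` itself (its body is not in view), this path now double-frees, so the three calls should be checked against that helper's contract. Separately, the message `"Could not allocate hr data"` is misleading: this branch rejects a client-supplied Content-Length that reaches ST32_MAX before any allocation happens, so `R_LOG_ERROR ("Content-Length too large, rejecting request");` would describe the actual defensive check.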
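Review bot: `free (object)` on the `count == -1` path of r_asn1_object_parse releases the struct only; if earlier parts of the function (outside the hunk) have already populated owned members of `object`, the object's own destructor is the safer call, and using it would keep this exit consistent with the `r_asn1_free (a)` added in the @@ -181 hunk. Also, `ut32 count` compared with `-1` relies on the usual conversion to UINT32_MAX; `if (count == UT32_MAX)` or a signed return type for asn1_count_objects would say what is meant.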
@@ -8,6 +8,7 @@ static const char hex[16] = "0123456789ABCDEF"; R_API void r_print_portionbar(RPrint *p, const ut64 *portions, int n_portions) { + R_RETURN_IF_FAIL (p); const int use_color = p->flags & R_PRINT_FLAGS_COLOR; int i, j; ut64 total = 0LL; @@ -44,7 +45,7 @@ R_API void r_print_portionbar(RPrint *p, const ut64 *portions, int n_portions) { } R_API char *r_print_columns(RPrint *p, const ut8 *buf, int len, int height) { -#define cb_print(x) r_print_printf (p, "%s", x) + R_RETURN_VAL_IF_FAIL (p, NULL); RStrBuf *sb = r_strbuf_new (""); size_t i, j; int cols = 78; // TODO: do not hardcode this value, columns should be defined by the user @@ -246,6 +247,7 @@ R_API char *r_print_stereogram_render(RPrint * R_NONNULL p, const char *ret) { } R_API void r_print_init(RPrint *p) { + R_RETURN_IF_FAIL (p); r_str_ncpy (p->datefmt, "%Y-%m-%d %H:%M:%S %u", sizeof (p->datefmt)); p->pairs = true; p->resetbg = true; @@ -373,6 +375,7 @@ R_API bool r_print_cursor_pointer(RPrint *p, int cur, int len) { } R_API void r_print_cursor(RPrint *p, int cur, int len, int set) { + R_RETURN_IF_FAIL (p); if (r_print_have_cursor (p, cur, len)) { r_print_printf (p, "%s", R_CONS_INVERT (set, 1)); } diff --git a/libr/util/str.c b/libr/util/str.c index 5cfadbbbf8354..5536f82baca36 100644 --- a/libr/util/str.c +++ b/libr/util/str.c @@ -997,6 +997,7 @@ R_API R_MUSTUSE char *r_str_replace_icase(char *str, const char *key, const char if (vlen > klen) { newstr = realloc (str, slen + 1); if (!newstr) { + free (str); return NULL; } str = newstr; diff --git a/shlr/java/class.c b/shlr/java/class.c index 331d4254c6936..42f49db8e200b 100644 --- a/shlr/java/class.c +++ b/shlr/java/class.c 
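Review bot: The new `R_RETURN_VAL_IF_FAIL (p, NULL)` in r_print_columns guards `p` but not `buf`, which the function reads for `len` bytes; `R_RETURN_VAL_IF_FAIL (p && buf, NULL)` would cover the other pointer argument (or `p && (buf || len <= 0)` if a NULL `buf` with `len == 0` is a supported call). The same consideration applies to `portions` in r_print_portionbar at the top of this group. Removing the `cb_print` macro alongside is fine provided nothing below still expands it — the rest of the function is outside the hunk.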
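Review bot: `free (str)` on realloc failure in r_str_replace_icase changes the ownership contract: the caller's `str` is now consumed even when NULL is returned, so any caller that frees or reuses `str` after a NULL result double-frees. That is the usual contract for an in-place realloc helper, but it must be stated at the declaration, e.g. `/* Returns the (possibly reallocated) string; on failure returns NULL and str has already been freed. */`, and existing callers checked for the old assumption.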
@@ -1375,6 +1375,7 @@ R_API RBinJavaField *r_bin_java_read_next_method(RBinJavaObj *bin, const ut64 of RBinJavaAttrInfo *attr = r_bin_java_read_next_attr (bin, adv + offset, buf, len); if (!attr) { R_LOG_ERROR ("unable to parse remainder of classfile after Method Attribute: %d", i); + r_bin_java_fmtype_free (method); return NULL; } if ((r_bin_java_get_attr_type_by_name (attr->name))->type == R_BIN_JAVA_ATTR_TYPE_CODE_ATTR) { diff --git a/shlr/winkd/winkd.c b/shlr/winkd/winkd.c index ed8fa1bd2f1d2..18a7ac85401f0 100644 --- a/shlr/winkd/winkd.c +++ b/shlr/winkd/winkd.c @@ -522,14 +522,19 @@ RList *winkd_list_modules(WindCtx *ctx) { winkd_read_at_uva (ctx, (uint8_t *) &mod->addr, ptr + baseoff, 4 << ctx->is_x64); winkd_read_at_uva (ctx, (uint8_t *) &mod->size, ptr + sizeoff, 4 << ctx->is_x64); - ut16 length; + ut16 length = 0; winkd_read_at_uva (ctx, (uint8_t *) &length, ptr + nameoff, sizeof (ut16)); + if (!length) { + free (mod); + break; + } ut64 bufferaddr = 0; winkd_read_at_uva (ctx, (uint8_t *) &bufferaddr, ptr + nameoff + sizeof (ut32), 4 << ctx->is_x64); wchar_t *unname = calloc ((ut64)length + 2, 1); if (!unname) { + free (mod); break; } @@ -538,6 +543,7 @@ RList *winkd_list_modules(WindCtx *ctx) { mod->name = calloc ((ut64)length + 1, 1); if (!mod->name) { free (unname); + free (mod); break; } wcstombs (mod->name, unname, length);
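Review bot: `r_bin_java_fmtype_free (method)` on the attribute failure is the right release provided it tolerates a partially built field (attributes read so far, possibly an empty or NULL list) — the allocation is above the hunk, so please confirm. The adjacent `(r_bin_java_get_attr_type_by_name (attr->name))->type` on the next line dereferences the lookup result without a NULL check; pre-existing, but a classfile with an unknown attribute name would crash right after the path this commit fixed.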
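Review bot: `if (!length) { free (mod); break; }` in winkd_list_modules turns one module with an empty or unreadable name into the end of the whole list, since `length` also stays 0 when `winkd_read_at_uva` fails (its return value is not checked and the variable is now pre-zeroed); if the intent is to skip just that entry, `continue` with the list pointer advanced is probably the better shape — the loop's advance is outside the hunk. Either way a comment at the check, e.g. `// zero length: name unreadable or empty, stop walking the list`, should state which is meant. The added `free (mod)` on the two calloc failures is correct as long as `mod` owns nothing else by then; `mod->name` is only assigned below.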