Check calls to malloc() everywhere.

Try to let programs continue running.

Author: ytrezq

doc/doc-txt/ChangeLog

@@ -51,6 +51,15 @@ LC/01 Prefer the use of size_t for variables representing sizes. Even if most
 LC/02 Some values representing maximum path size were hard coded.
       They are now replaced with the PATH_MAX macro.
 
+LC/03 As everybody knows, malloc() can fails by returning 0. The return values
+      weren’t checked everywhere.
+      The values are checked manually in order handle the situation in way that
+      let the program continue running. Otherwise, replace direct calls to
+      malloc() with store_malloc() from the project standard memory management
+      facilities in order to stop the program.
+      Except if it isn’t possible to call store_malloc() or that some ressources
+      cleanup need to done.
+
 
 Exim version 4.87
 -----------------

src/OS/Makefile-Base

@@ -408,9 +408,9 @@ exim_tidydb: $(OBJ_TIDYDB)
 
 # The utility for building dbm files
 
-exim_dbmbuild: exim_dbmbuild.o
+exim_dbmbuild: util-store.o exim_dbmbuild.o
 	@echo "$(LNCC) -o exim_dbmbuild"
-	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \
+	$(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o util-store.o \
 	  $(LIBS) $(EXTRALIBS) $(DBMLIB)
 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
 	  echo $(STRIP_COMMAND) exim_dbmbuild; \
@@ -421,11 +421,11 @@ exim_dbmbuild: exim_dbmbuild.o
 
 # The utility for locking a mailbox while messing around with it
 
-exim_lock: exim_lock.c os.h
+exim_lock: util-store.o exim_lock.c os.h
 	@echo "$(CC) exim_lock.c"
 	$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c
 	@echo "$(LNCC) -o exim_lock"
-	$(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o  \
+	$(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o util-store.o  \
 	  $(LIBS) $(EXTRALIBS)
 	@if [ x"$(STRIP_COMMAND)" != x"" ]; then \
 	  echo $(STRIP_COMMAND) exim_lock; \

src/exim_monitor/em_version.c

@@ -7,6 +7,7 @@
 
 #include "mytypes.h"
 #include "macros.h"
+#include "store.h"
 #include <string.h>
 #include <stdlib.h>
 
@@ -25,7 +26,7 @@ Ustrcpy(today, __DATE__);
 if (today[4] == ' ') i = 1;
 today[3] = today[6] = '-';
 
-version_date = (uschar *)malloc(32);
+version_date = (uschar *)store_malloc(32);
 version_date[0] = 0;
 Ustrncat(version_date, today+4+i, 3-i);
 Ustrncat(version_date, today, 4);

src/exim_monitor/em_xs.c

@@ -30,7 +30,7 @@ void xs_SetValues(Widget w, Cardinal num_args, ...)
 {
 int i;
 va_list ap;
-Arg *aa = (num_args > 15)? (Arg *)malloc(num_args*sizeof(Arg)) : xs_temparg;
+Arg *aa = (num_args > 15)? (Arg *)store_malloc(num_args*sizeof(Arg)) : xs_temparg;
 va_start(ap, num_args);
 for (i = 0; i < num_args; i++)
   {

src/src/buildconfig.c

@@ -688,6 +688,10 @@ else if (isgroup)
       while (*p != 0) if (*p++ == ':') count++;
 
       vector = malloc((count+1) * sizeof(uid_t));
+      if (!vector) {
+        printf("memory allocation falied");
+        return 1;
+      }
       vector[0] = (uid_t)count;
 
       for (i = 1, j = 0; i <= count; list++, i++)

src/src/dbfn.c

@@ -465,6 +465,11 @@ spool_directory = argv[1];
 debug_selector = D_all - D_memory;
 debug_file = stderr;
 big_buffer = malloc(big_buffer_size);
+if (!big_buffer)
+  {
+  printf("Memory allocation failed!\n");
+  return 1;
+  }
 
 for (i = 0; i < max_db; i++) dbblock[i].dbptr = NULL;
 

src/src/dbstuff.h

@@ -22,6 +22,7 @@ utilities as well as the main Exim binary. */
 /* ************************* tdb interface ************************ */
 
 #include <tdb.h>
+#include "store.h"
 
 /* Basic DB type */
 #define EXIM_DB TDB_CONTEXT
@@ -64,7 +65,7 @@ tdb_traverse to be called) */
 
 /* EXIM_DBCREATE_CURSOR - initialize for scanning operation */
 #define EXIM_DBCREATE_CURSOR(db, cursor) { \
-   *(cursor) = malloc(sizeof(TDB_DATA)); (*(cursor))->dptr = NULL; }
+   *(cursor) = store_malloc(sizeof(TDB_DATA)); (*(cursor))->dptr = NULL; }
 
 /* EXIM_DBSCAN - This is complicated because we have to free the last datum
 free() must not die when passed NULL */

src/src/dmarc.c

@@ -57,7 +57,7 @@ static dmarc_exim_p dmarc_policy_description[] = {
 static error_block *
 add_to_eblock(error_block *eblock, uschar *t1, uschar *t2)
 {
-error_block *eb = malloc(sizeof(error_block));
+error_block *eb = store_malloc(sizeof(error_block));
 if (eblock == NULL)
   eblock = eb;
 else

src/src/exim.c

@@ -3973,7 +3973,7 @@ EXIM_TMPDIR by the build scripts.
     if (Ustrncmp(*p, "TMPDIR=", 7) == 0 &&
         Ustrcmp(*p+7, EXIM_TMPDIR) != 0)
       {
-      uschar *newp = malloc(Ustrlen(EXIM_TMPDIR) + 8);
+      uschar *newp = store_malloc(Ustrlen(EXIM_TMPDIR) + 8);
       sprintf(CS newp, "TMPDIR=%s", EXIM_TMPDIR);
       *p = newp;
       DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", EXIM_TMPDIR);
@@ -4010,15 +4010,15 @@ else
     int count = 0;
     if (environ) while (*p++ != NULL) count++;
     if (envtz == NULL) count++;
-    newp = new = malloc(sizeof(uschar *) * (count + 1));
+    newp = new = store_malloc(sizeof(uschar *) * (count + 1));
     if (environ) for (p = USS environ; *p != NULL; p++)
       {
       if (Ustrncmp(*p, "TZ=", 3) == 0) continue;
       *newp++ = *p;
       }
     if (timezone_string != NULL)
       {
-      *newp = malloc(Ustrlen(timezone_string) + 4);
+      *newp = store_malloc(Ustrlen(timezone_string) + 4);
       sprintf(CS *newp++, "TZ=%s", timezone_string);
       }
     *newp = NULL;

src/src/exim_dbmbuild.c

@@ -151,8 +151,8 @@ uschar *bptr;
 uschar  keybuffer[256];
 uschar  temp_dbmname[512];
 uschar  real_dbmname[512];
-uschar *buffer = malloc(max_outsize);
-uschar *line = malloc(max_insize);
+uschar *buffer = store_malloc(max_outsize);
+uschar *line = store_malloc(max_insize);
 
 while (argc > 1)
   {

src/src/exim_lock.c

@@ -14,6 +14,7 @@ Copyright (c) The Exim Maintainers 2016
 */
 
 #include "os.h"
+#include "store.h"
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -299,9 +300,9 @@ if (use_lockfile)
   primary_hostname = s.nodename;
 
   len = (int)strlen(filename);
-  lockname = malloc(len + 8);
+  lockname = store_malloc(len + 8);
   sprintf(lockname, "%s.lock", filename);
-  hitchname = malloc(len + 32 + (int)strlen(primary_hostname));
+  hitchname = store_malloc(len + 32 + (int)strlen(primary_hostname));
 
   /* Presumably, this must match appendfile.c */
   sprintf(hitchname, "%s.%s.%08x.%08x", lockname, primary_hostname,

src/src/expand.c

@@ -7746,6 +7746,12 @@ debug_selector = D_v;
 debug_file = stderr;
 debug_fd = fileno(debug_file);
 big_buffer = malloc(big_buffer_size);
+if (!big_buffer)
+  {
+  printf("** error Memory allocation failed!\n");
+  exit(EXIT_FAILURE);
+  }
+
 
 for (i = 1; i < argc; i++)
   {

src/src/hash.c

@@ -787,10 +787,16 @@ for (i = 0; i < sizeof(tests)/sizeof(uschar *); i ++)
 /* 1 000 000 repetitions of "a" */
 
 ctest = malloc(1000000);
+if(!ctest)
+  {
+  printf("Memory allocation failed!\n*** No match ***\n");
+  exit(EXIT_FAILURE);
+  }
 memset(ctest, 'a', 1000000);
 
 printf("1 000 000 repetitions of 'a'\n");
 printf("Should be: %s\n", atest);
+free(ctest);
 native_sha1_start(&base);
 native_sha1_end(&base, ctest, 1000000, digest);
 for (j = 0; j < 20; j++) sprintf(s+2*j, "%02X", digest[j]);

src/src/mime.c

@@ -195,6 +195,8 @@ FILE *f = NULL;
 uschar *filename;
 
 filename = (uschar *)malloc(PATH_MAX);
+if (!filename)
+  return NULL;
 
 if (pname && fname)
   {

src/src/smtp_in.c

@@ -1890,10 +1890,7 @@ acl_var_c = NULL;
 
 /* Allow for trailing 0 in the command and data buffers. */
 
-smtp_cmd_buffer = (uschar *)malloc(2*smtp_cmd_buffer_size + 2);
-if (smtp_cmd_buffer == NULL)
-  log_write(0, LOG_MAIN|LOG_PANIC_DIE,
-    "malloc() failed for SMTP command buffer");
+smtp_cmd_buffer = (uschar *)store_malloc(2*smtp_cmd_buffer_size + 2);
 smtp_cmd_buffer[0] = 0;
 smtp_data_buffer = smtp_cmd_buffer + smtp_cmd_buffer_size + 1;
 
@@ -1915,9 +1912,7 @@ else
 /* Set up the buffer for inputting using direct read() calls, and arrange to
 call the local functions instead of the standard C ones. */
 
-smtp_inbuffer = (uschar *)malloc(in_buffer_size);
-if (smtp_inbuffer == NULL)
-  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP input buffer");
+smtp_inbuffer = (uschar *)store_malloc(in_buffer_size);
 receive_getc = smtp_getc;
 receive_ungetc = smtp_ungetc;
 receive_feof = smtp_feof;

src/src/store.c

@@ -345,8 +345,14 @@ if ((char *)ptr < bc || (char *)ptr > bc + b->length)
     if ((char *)ptr >= bc && (char *)ptr <= bc + b->length) break;
     }
   if (b == NULL)
+#ifndef COMPILE_UTILITY
     log_write(0, LOG_MAIN|LOG_PANIC_DIE, "internal error: store_reset(%p) "
       "failed: pool=%d %-14s %4d", ptr, store_pool, filename, linenumber);
+#else
+    fprintf(stderr, "internal error: store_reset(%p) "
+      "failed: pool=%d %-14s %4d\n", ptr, store_pool, filename, linenumber);
+    exit(EXIT_FAILURE);
+#endif
   }
 
 /* Back up, rounding to the alignment if necessary. When testing, flatten
@@ -500,8 +506,14 @@ if (size < 16) size = 16;
 yield = malloc(size);
 
 if (yield == NULL)
+#ifndef COMPILE_UTILITY
   log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %zd bytes of memory: "
     "called from line %d of %s", size, linenumber, filename);
+#else
+  fprintf(stderr, "failed to malloc %zd bytes of memory: "
+    "called from line %d of %s\n", size, linenumber, filename);
+  exit(EXIT_FAILURE);
+#endif
 
 nonpool_malloc += size;
 

src/src/store.h

@@ -9,6 +9,7 @@
 
 #ifndef STORE_H
 #define STORE_H
+#include <stddef.h>
 
 /* Define symbols for identifying the store pools. */
 
@@ -37,6 +38,9 @@ tracing information for debugging. */
 #define store_release(addr)  store_release_3(addr, __FILE__, __LINE__)
 #define store_reset(addr)    store_reset_3(addr, __FILE__, __LINE__)
 
+#ifndef BOOL
+#include "mytypes.h"
+#endif
 
 /* The real functions */
 

src/src/string.c

@@ -1847,6 +1847,11 @@ while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
     else
       {
       uschar *sss = malloc(s - ss + 1);
+      if(!sss)
+        {
+        printf("***ERROR\nMemory allocation failed!\n");
+        exit(EXIT_FAILURE);
+        }
       Ustrncpy(sss, ss, s-ss);
       args[n++] = sss;
       }

src/src/transport.c

@@ -1725,6 +1725,13 @@ while (1)
   /* create an array to read entire message queue into memory for processing  */
 
   msgq = (msgq_t*) malloc(sizeof(msgq_t) * host_record->count);
+
+  if(!msgq) {
+    dbfn_close(dbm_file);
+    DEBUG(D_transport) debug_printf("memory allocation for message queue failed\n");
+    return FALSE;
+  }
+
   msgq_count = host_record->count;
   msgq_actual = msgq_count;
 

test/src/cf.c

@@ -680,6 +680,11 @@ bufbase_one = (char *)malloc(storesize);
 buftop_one = bufbase_one + storesize;
 bufbase_two = (char *)malloc(storesize);
 buftop_two = bufbase_two + storesize;
+if (!bufbase_one || !buftop_two)
+  {
+  fprintf(stderr, "Memory allocation failed!\n");
+  exit(EXIT_FAILURE);
+  }
 
 /* Do the job */
 

test/src/fakens.c

@@ -182,6 +182,11 @@ va_start(ap, format);
 vsprintf(buffer, CS format, ap);
 va_end(ap);
 yield = (uschar *)malloc(Ustrlen(buffer) + 1);
+if (!yield)
+{
+fprintf(stderr, "Memory allocation failed!\n");
+exit(EXIT_FAILURE);
+}
 Ustrcpy(yield, buffer);
 return yield;
 }

test/src/server.c

@@ -460,6 +460,11 @@ while (fgets(CS buffer, sizeof(buffer), stdin) != NULL)
   buffer[n] = 0;
   if (strcmp(CS buffer, "++++") == 0) break;
   next = malloc(sizeof(line) + n);
+  if(!next)
+    {
+    fprintf(stderr, "memory allocation failed\n");
+    exit(1);
+    }
   next->next = NULL;
   d = next->line;
     {