[ros-diffs] [dchapyshev] 42997: - Handle memory allocation failures. Found by Amine Khaldi

dchapyshev at svn.reactos.org dchapyshev at svn.reactos.org
Sat Sep 5 17:07:13 CEST 2009


Author: dchapyshev
Date: Sat Sep  5 17:07:13 2009
New Revision: 42997

URL: http://svn.reactos.org/svn/reactos?rev=42997&view=rev
Log:
- Handle memory allocation failures. Found by Amine Khaldi

Modified:
    trunk/reactos/drivers/usb/nt4compat/usbdriver/bulkonly.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/cbi.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/gendrv.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/hub.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/keyboard.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/mouse.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/ohci.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/td.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/uhci.c
    trunk/reactos/drivers/usb/nt4compat/usbdriver/umss.c

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/bulkonly.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/bulkonly.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/bulkonly.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/bulkonly.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -386,6 +386,8 @@
         {
             PULONG buf;
             buf = usb_alloc_mem(NonPagedPool, 32);
+            if (!buf) return;
+
             buf[0] = (ULONG) pdev_ext;
             buf[1] = (ULONG) purb->endp_handle;
 
@@ -548,6 +550,8 @@
         pdev_ext->retry = FALSE;
 
         buf = usb_alloc_mem(NonPagedPool, 32);
+        if (!buf) return;
+
         buf[0] = (ULONG) pdev_ext;
         buf[1] = (ULONG) purb->endp_handle;
 
@@ -714,6 +718,8 @@
     pdev_ext->retry = TRUE;
 
     cbw = usb_alloc_mem(NonPagedPool, sizeof(COMMAND_BLOCK_WRAPPER));
+    if (!cbw) return STATUS_NO_MEMORY;
+
     RtlZeroMemory(cbw, sizeof(COMMAND_BLOCK_WRAPPER));
     pdev_ext->io_packet.flags &= ~IOP_FLAG_STAGE_MASK;
     pdev_ext->io_packet.flags |= IOP_FLAG_STAGE_SENSE;

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/cbi.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/cbi.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/cbi.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/cbi.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -41,6 +41,8 @@
     UNREFERENCED_PARAMETER(dir);
 
     purb = usb_alloc_mem(NonPagedPool, sizeof(URB));
+    if (!purb) return STATUS_NO_MEMORY;
+
     // Build URB for the ADSC command
     UsbBuildVendorRequest(purb,
                           pdev_ext->dev_handle | 0xffff,

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/devmgr.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -26,6 +26,10 @@
 	PBYTE data_buf;\
 	int i;\
 	data_buf = usb_alloc_mem( NonPagedPool, ( pdEV )->desc_buf_size += 1024 );\
+	if (!data_buf)\
+	{\
+		goto LBL_OUT;\
+	}\
 	RtlZeroMemory( data_buf, ( pdEV )->desc_buf_size );\
 	for( i = 0; i < ( LONG )( puRB )->context; i++ )\
 	{\
@@ -798,7 +802,7 @@
     //first, get device descriptor
     purb = usb_alloc_mem(NonPagedPool, sizeof(URB));
     data_buf = usb_alloc_mem(NonPagedPool, 512);
-    if (purb == NULL)
+    if (purb == NULL || data_buf == NULL)
     {
         unlock_dev(pdev, TRUE);
         return FALSE;
@@ -1011,8 +1015,11 @@
     }
 
 LBL_OUT:
-    usb_free_mem(purb);
-    purb = NULL;
+    if (purb)
+    {
+        usb_free_mem(purb);
+        purb = NULL;
+    }
 
     lock_dev(pdev, TRUE);
     if (dev_state(pdev) != USB_DEV_STATE_ZOMB)
@@ -1245,6 +1252,8 @@
 
         pif->altif_count++;
         paltif = usb_alloc_mem(NonPagedPool, sizeof(USB_INTERFACE));
+        if (!paltif) return FALSE;
+
         RtlZeroMemory(paltif, sizeof(USB_INTERFACE));
         InsertTailList(&pif->altif_list, &paltif->altif_list);
         paltif->pif_drv = NULL;

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/ehci.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -1202,6 +1202,12 @@
         }
 
         pending_endp = alloc_pending_endp(&ehci->pending_endp_pool, 1);
+        if (!pending_endp)
+        {
+            unlock_dev(pdev, TRUE);
+            KeReleaseSpinLockFromDpcLevel(&ehci->pending_endp_list_lock);
+            return;
+        }
         pending_endp->pendp = pendp;
         InsertTailList(&ehci->pending_endp_list, &pending_endp->endp_link);
 
@@ -3113,6 +3119,12 @@
                 i = EHCI_PORTSC + 4 * (psetup->wIndex - 1);     // USBPORTSC1;
 
                 ptimer = alloc_timer_svc(&dev_mgr->timer_svc_pool, 1);
+                if (!ptimer)
+                {
+                    purb->status = STATUS_NO_MEMORY;
+                    break;
+                }
+
                 ptimer->threshold = 0;  // within [ 50ms, 60ms ], one tick is 10 ms
                 ptimer->context = (ULONG) purb;
                 ptimer->pdev = pdev;
@@ -3136,6 +3148,11 @@
         case USB_ENDPOINT_XFER_INT:
         {
             ptimer = alloc_timer_svc(&dev_mgr->timer_svc_pool, 1);
+            if (!ptimer)
+            {
+                purb->status = STATUS_NO_MEMORY;
+                break;
+            }
             ptimer->threshold = RH_INTERVAL;
             ptimer->context = (ULONG) purb;
             ptimer->pdev = pdev;

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/gendrv.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/gendrv.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/gendrv.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/gendrv.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -142,6 +142,12 @@
     pdriver->driver_desc.dev_protocol = 0;      // Protocol Info.
 
     pdriver->driver_ext = usb_alloc_mem(NonPagedPool, sizeof(GENDRV_DRVR_EXTENSION));
+    if (!pdriver->driver_ext)
+    {
+        usb_dbg_print(DBGLVL_MAXIMUM, ("gendrv_driver_init(): memory allocation failed!\n"));
+        return FALSE;
+    }
+
     pdriver->driver_ext_size = sizeof(GENDRV_DRVR_EXTENSION);
 
     RtlZeroMemory(pdriver->driver_ext, pdriver->driver_ext_size);
@@ -345,6 +351,12 @@
 
     pdev_ext = (PGENDRV_DEVICE_EXTENSION) pdev_obj->DeviceExtension;
     pdev_ext->desc_buf = usb_alloc_mem(NonPagedPool, 512);
+    if (!pdev_ext->desc_buf)
+    {
+        usb_dbg_print(DBGLVL_MAXIMUM, ("gendrv_event_select_driver(): memory allocation failed!\n"));
+        goto ERROR_OUT;
+    }
+
     RtlCopyMemory(pdev_ext->desc_buf, pconfig_desc, 512);
 
     // insert the device to the dev_list
@@ -440,6 +452,7 @@
     {
         unlock_dev(pdev, TRUE);
         KeReleaseSpinLockFromDpcLevel(&dev_mgr->event_list_lock);
+        return;
     }
 
     pevent->flags = USB_EVENT_FLAG_ACTIVE;
@@ -815,6 +828,12 @@
 
     pdev_ext = (PGENDRV_DEVICE_EXTENSION) pdev_obj->DeviceExtension;
     pdev_ext->desc_buf = usb_alloc_mem(NonPagedPool, 512);
+    if (!pdev_ext->desc_buf)
+    {
+        usb_dbg_print(DBGLVL_MAXIMUM, ("gendrv_if_connect(): memory allocation failed!\n"));
+        goto ERROR_OUT;
+    }
+
     RtlCopyMemory(pdev_ext->desc_buf, pconfig_desc, 512);
     pdev_ext->if_ctx.pif_desc =
         (PUSB_INTERFACE_DESC) & pdev_ext->desc_buf[(PBYTE) pif_desc - (PBYTE) pconfig_desc];
@@ -988,6 +1007,8 @@
     pdriver->disp_tbl.dev_reserved = NULL;
 
     pdriver->driver_ext = usb_alloc_mem(NonPagedPool, sizeof(GENDRV_DRVR_EXTENSION));
+    if (!pdriver->driver_ext) return FALSE;
+
     pdriver->driver_ext_size = sizeof(GENDRV_DRVR_EXTENSION);
 
     RtlZeroMemory(pdriver->driver_ext, pdriver->driver_ext_size);

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/hub.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/hub.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/hub.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/hub.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -432,13 +432,14 @@
         return STATUS_DEVICE_DOES_NOT_EXIST;
     }
     purb = usb_alloc_mem(NonPagedPool, sizeof(URB));
-    RtlZeroMemory(purb, sizeof(URB));
 
     if (purb == NULL)
     {
         unlock_dev(pdev, FALSE);
         return STATUS_NO_MEMORY;
     }
+
+    RtlZeroMemory(purb, sizeof(URB));
 
     purb->flags = 0;
     purb->status = STATUS_SUCCESS;
@@ -1242,6 +1243,7 @@
         //Let's start a reset port request
         InsertHeadList(&dev_mgr->event_list, &pevent->event_link);
         purb = usb_alloc_mem(NonPagedPool, sizeof(URB));
+        if (!purb) goto LBL_OUT;
         RtlZeroMemory(purb, sizeof(URB));
 
         purb->data_buffer = NULL;
@@ -1632,6 +1634,15 @@
             }
 
             purb = usb_alloc_mem(NonPagedPool, sizeof(URB));
+            if (!purb)
+            {
+                if (from_dpc)
+                    KeReleaseSpinLockFromDpcLevel(&dev_mgr->event_list_lock);
+                else
+                    KeReleaseSpinLock(&dev_mgr->event_list_lock, old_irql);
+                return FALSE;
+            }
+
             RtlZeroMemory(purb, sizeof(URB));
 
             purb->data_buffer = NULL;
@@ -1707,6 +1718,7 @@
     dev_mgr = dev_mgr_from_dev(pdev);
 
     pevent = alloc_event(&dev_mgr->event_pool, 1);
+    if (!pevent) return;
     pevent->event = USB_EVENT_DEFAULT;
     pevent->process_queue = event_list_default_process_queue;
     pevent->process_event = pe;
@@ -2507,13 +2519,14 @@
         return FALSE;
     }
     purb = usb_alloc_mem(NonPagedPool, sizeof(URB));
-    RtlZeroMemory(purb, sizeof(URB));
 
     if (purb == NULL)
     {
         unlock_dev(pdev, FALSE);
         return FALSE;
     }
+
+    RtlZeroMemory(purb, sizeof(URB));
 
     purb->flags = 0;
     purb->status = STATUS_SUCCESS;

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/keyboard.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/keyboard.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/keyboard.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/keyboard.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -79,6 +79,7 @@
     pdriver->driver_desc.dev_protocol = 1;          // Protocol Info.
 
     pdriver->driver_ext = usb_alloc_mem(NonPagedPool, sizeof(KEYBOARD_DRVR_EXTENSION));
+    if (!pdriver->driver_ext) return FALSE;
     pdriver->driver_ext_size = sizeof(KEYBOARD_DRVR_EXTENSION);
 
     RtlZeroMemory(pdriver->driver_ext, sizeof(KEYBOARD_DRVR_EXTENSION));

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/mouse.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/mouse.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/mouse.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/mouse.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -40,11 +40,7 @@
     pdriver->driver_desc.dev_protocol = 2;          // Protocol Info.
 
     pdriver->driver_ext = usb_alloc_mem(NonPagedPool, sizeof(MOUSE_DRVR_EXTENSION));
-    if (!pdriver->driver_ext)
-    {
-        usb_dbg_print(DBGLVL_MAXIMUM, ("mouse_driver_init(): memory allocation failed!\n"));
-        return FALSE;
-    }
+    if (!pdriver->driver_ext) return FALSE;
 
     pdriver->driver_ext_size = sizeof(MOUSE_DRVR_EXTENSION);
 

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/ohci.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/ohci.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/ohci.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/ohci.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -1177,6 +1177,12 @@
                 }
 
                 ptimer = alloc_timer_svc(&dev_mgr->timer_svc_pool, 1);
+                if (!ptimer)
+                {
+                    purb->status = STATUS_NO_MEMORY;
+                    break;
+                }
+
                 ptimer->threshold = 0;  // within [ 50ms, 60ms ], one tick is 10 ms
                 ptimer->context = (ULONG) purb;
                 ptimer->pdev = pdev;
@@ -1202,6 +1208,12 @@
         case USB_ENDPOINT_XFER_INT:
         {
             ptimer = alloc_timer_svc(&dev_mgr->timer_svc_pool, 1);
+            if (!ptimer)
+            {
+                purb->status = STATUS_NO_MEMORY;
+                break;
+            }
+
             ptimer->threshold = RH_INTERVAL;
             ptimer->context = (ULONG) purb;
             ptimer->pdev = pdev;

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/td.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/td.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/td.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/td.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -400,6 +400,7 @@
         return NULL;
 
     ptd = alloc_td(pool_list);
+    if (!ptd) return NULL;
 
     for(i = 1; i < count; i++)
     {

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/uhci.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/uhci.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/uhci.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/uhci.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -1747,6 +1747,13 @@
         }
 
         pending_endp = alloc_pending_endp(&uhci->pending_endp_pool, 1);
+        if (!pending_endp)
+        {
+            unlock_dev(pdev, TRUE);
+            KeReleaseSpinLockFromDpcLevel(&uhci->pending_endp_list_lock);
+            return;
+        }
+
         pending_endp->pendp = pendp;
         InsertTailList(&uhci->pending_endp_list, &pending_endp->endp_link);
 
@@ -3400,6 +3407,12 @@
                 }
 
                 ptimer = alloc_timer_svc(&dev_mgr->timer_svc_pool, 1);
+                if (!ptimer)
+                {
+                    purb->status = STATUS_NO_MEMORY;
+                    break;
+                }
+
                 ptimer->threshold = 0;  // within [ 50ms, 60ms ], one tick is 10 ms
                 ptimer->context = (ULONG) purb;
                 ptimer->pdev = pdev;
@@ -3423,6 +3436,12 @@
         case USB_ENDPOINT_XFER_INT:
         {
             ptimer = alloc_timer_svc(&dev_mgr->timer_svc_pool, 1);
+            if (!ptimer)
+            {
+                purb->status = STATUS_NO_MEMORY;
+                break;
+            }
+
             ptimer->threshold = RH_INTERVAL;
             ptimer->context = (ULONG) purb;
             ptimer->pdev = pdev;

Modified: trunk/reactos/drivers/usb/nt4compat/usbdriver/umss.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/nt4compat/usbdriver/umss.c?rev=42997&r1=42996&r2=42997&view=diff
==============================================================================
--- trunk/reactos/drivers/usb/nt4compat/usbdriver/umss.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/nt4compat/usbdriver/umss.c [iso-8859-1] Sat Sep  5 17:07:13 2009
@@ -250,6 +250,7 @@
     pdriver->driver_desc.dev_protocol = 0;      // Protocol Info.
 
     pdriver->driver_ext = usb_alloc_mem(NonPagedPool, sizeof(UMSS_DRVR_EXTENSION));
+    if (!pdriver->driver_ext) return FALSE;
     pdriver->driver_ext_size = sizeof(UMSS_DRVR_EXTENSION);
 
     RtlZeroMemory(pdriver->driver_ext, sizeof(UMSS_DRVR_EXTENSION));
@@ -1815,6 +1816,8 @@
     pdriver->driver_desc.dev_protocol = 0;      // Protocol Info.
 
     pdriver->driver_ext = usb_alloc_mem(NonPagedPool, sizeof(UMSS_DRVR_EXTENSION));
+    if (!pdriver->driver_ext) return FALSE;
+
     pdriver->driver_ext_size = sizeof(UMSS_DRVR_EXTENSION);
 
     RtlZeroMemory(pdriver->driver_ext, sizeof(UMSS_DRVR_EXTENSION));
@@ -1946,10 +1949,11 @@
     PUMSS_WORKER_PACKET worker_packet;
 
     worker_packet = usb_alloc_mem(NonPagedPool, sizeof(WORK_QUEUE_ITEM) + sizeof(UMSS_WORKER_PACKET));
-    RtlZeroMemory(worker_packet, sizeof(WORK_QUEUE_ITEM) + sizeof(UMSS_WORKER_PACKET));
 
     if (worker_packet)
     {
+        RtlZeroMemory(worker_packet, sizeof(WORK_QUEUE_ITEM) + sizeof(UMSS_WORKER_PACKET));
+
         workitem = (PWORK_QUEUE_ITEM) & worker_packet[1];
         worker_packet->completion = completion;
         worker_packet->context = context;




More information about the Ros-diffs mailing list