From a6c405a5d57c3f729e0bf8dbbb317aff217b9693 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sat, 2 Mar 2013 02:50:33 +0100 Subject: [PATCH] malloc/free: some more cleaning & checking malloc errors --- libnfc/buses/uart_posix.c | 4 ++++ libnfc/buses/uart_win32.c | 7 +++++++ libnfc/chips/pn53x.c | 33 +++++++++++++++++++++++++++++++++ libnfc/nfc.c | 2 ++ 4 files changed, 46 insertions(+) diff --git a/libnfc/buses/uart_posix.c b/libnfc/buses/uart_posix.c index 7b687c1..84bf5b4 100644 --- a/libnfc/buses/uart_posix.c +++ b/libnfc/buses/uart_posix.c @@ -79,16 +79,19 @@ uart_open(const char *pcPortName) sp->fd = open(pcPortName, O_RDWR | O_NOCTTY | O_NONBLOCK); if (sp->fd == -1) { uart_close_ext(sp, false); + free(sp); return INVALID_SERIAL_PORT; } if (tcgetattr(sp->fd, &sp->termios_backup) == -1) { uart_close_ext(sp, false); + free(sp); return INVALID_SERIAL_PORT; } // Make sure the port is not claimed already if (sp->termios_backup.c_iflag & CCLAIMED) { uart_close_ext(sp, false); + free(sp); return CLAIMED_SERIAL_PORT; } // Copy the old terminal info struct @@ -104,6 +107,7 @@ uart_open(const char *pcPortName) if (tcsetattr(sp->fd, TCSANOW, &sp->termios_new) == -1) { uart_close_ext(sp, true); + free(sp); return INVALID_SERIAL_PORT; } return sp; diff --git a/libnfc/buses/uart_win32.c b/libnfc/buses/uart_win32.c index 0a47342..82c92b1 100644 --- a/libnfc/buses/uart_win32.c +++ b/libnfc/buses/uart_win32.c @@ -45,6 +45,9 @@ uart_open(const char *pcPortName) char acPortName[255]; struct serial_port_windows *sp = malloc(sizeof(struct serial_port_windows)); + if (sp == 0) + return INVALID_SERIAL_PORT; + // Copy the input "com?" to "\\.\COM?" format sprintf(acPortName, "\\\\.\\%s", pcPortName); _strupr(acPortName); 
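Review bot: The added `free(sp);` calls in uart_open risk a double free: each one follows `uart_close_ext(sp, ...)`, whose body is not part of this patch, and if that helper already releases `sp` the structure is freed twice on every one of these error paths. The same concern applies to the second uart_posix.c hunk (the `tcsetattr` failure) and to the `uart_close(sp); free(sp);` pairs added in the three later uart_win32.c hunks. Confirm the ownership contract of both close helpers and record it where they are called, for example `// uart_close_ext() closes the fd but does not free sp`. uart_open starts and ends outside these hunks, so the matching allocation is not visible in the POSIX file.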
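Review bot: Directly below the new allocation check, `sprintf(acPortName, "\\\\.\\%s", pcPortName);` copies the caller-supplied port name into the 255-byte stack buffer `acPortName` with no length limit, so an over-long name overruns it. A bounded call with a truncation check closes that gap: `int n = snprintf(acPortName, sizeof(acPortName), "\\\\.\\%s", pcPortName);` followed by `if (n < 0 || (size_t)n >= sizeof(acPortName)) { free(sp); return INVALID_SERIAL_PORT; }`. As a smaller style point, `if (sp == 0)` reads more clearly as `if (sp == NULL)` with a braced body. The rest of uart_open lies outside this hunk.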
@@ -53,6 +56,7 @@ uart_open(const char *pcPortName) sp->hPort = CreateFileA(acPortName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); if (sp->hPort == INVALID_HANDLE_VALUE) { uart_close(sp); + free(sp); return INVALID_SERIAL_PORT; } // Prepare the device control @@ -60,11 +64,13 @@ uart_open(const char *pcPortName) sp->dcb.DCBlength = sizeof(DCB); if (!BuildCommDCBA("baud=9600 data=8 parity=N stop=1", &sp->dcb)) { uart_close(sp); + free(sp); return INVALID_SERIAL_PORT; } // Update the active serial port if (!SetCommState(sp->hPort, &sp->dcb)) { uart_close(sp); + free(sp); return INVALID_SERIAL_PORT; } @@ -76,6 +82,7 @@ uart_open(const char *pcPortName) if (!SetCommTimeouts(sp->hPort, &sp->ct)) { uart_close(sp); + free(sp); return INVALID_SERIAL_PORT; } diff --git a/libnfc/chips/pn53x.c b/libnfc/chips/pn53x.c index 0d61fdd..8ccccca 100644 --- a/libnfc/chips/pn53x.c +++ b/libnfc/chips/pn53x.c @@ -78,6 +78,8 @@ pn53x_init(struct nfc_device *pnd) if (!CHIP_DATA(pnd)->supported_modulation_as_initiator) { CHIP_DATA(pnd)->supported_modulation_as_initiator = malloc(sizeof(nfc_modulation) * 9); + if (! CHIP_DATA(pnd)->supported_modulation_as_initiator) + return NFC_ESOFT; int nbSupportedModulation = 0; if ((pnd->btSupportByte & SUPPORT_ISO14443A)) { CHIP_DATA(pnd)->supported_modulation_as_initiator[nbSupportedModulation] = NMT_ISO14443A; @@ -1649,6 +1651,8 @@ pn53x_initiator_transceive_bytes_timed(struct nfc_device *pnd, const uint8_t *pb // We've to compute CRC ourselves to know last byte actually sent uint8_t *pbtTxRaw; pbtTxRaw = (uint8_t *) malloc(szTx + 2); + if (!pbtTxRaw) + return NFC_ESOFT; memcpy(pbtTxRaw, pbtTx, szTx); iso14443a_crc_append(pbtTxRaw, szTx); *cycles = __pn53x_get_timer(pnd, pbtTxRaw[szTx + 1]); 
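Review bot: In pn53x_init the allocation being checked is sized as `sizeof(nfc_modulation) * 9`, yet the elements stored right after it are `NMT_*` values, and pn53x_get_information_about in this same patch reads modulation lists through a `const nfc_modulation_type *`, so the size expression appears to name a different type than the element type. Tying the size to the pointer removes the mismatch: `malloc(9 * sizeof(*CHIP_DATA(pnd)->supported_modulation_as_initiator))`. The literal 9 also deserves a comment or named constant stating that it covers every entry that can be appended plus the zero terminator that readers loop on (`for (int i = 0; nmt[i]; i++)`). pn53x_init continues outside the hunk, so the full list of appended entries cannot be counted from here.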
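Review bot: In pn53x_initiator_transceive_bytes_timed, the new NULL check after `malloc(szTx + 2)` does not cover the case where `szTx + 2` wraps around, in which case the allocation succeeds with a tiny size while `memcpy(pbtTxRaw, pbtTx, szTx)` still copies the full length. The declaration of `szTx` is cut off in the hunk header, so its type and any earlier bound are not visible. If no bound exists, reject oversized input before allocating, for example with a guard on `szTx > SIZE_MAX - 2`, or better against the largest frame the chip can send. The cast on `malloc` is unnecessary in C, and the release of `pbtTxRaw` happens outside the hunk, so it could not be checked here.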
@@ -2929,124 +2933,153 @@ pn53x_get_information_about(nfc_device *pnd, char **pbuf) { size_t buflen = 2048; *pbuf = malloc(buflen); + if (! *pbuf) { + return NFC_ESOFT; + } char *buf = *pbuf; int res; if ((res = snprintf(buf, buflen, "chip: %s\n", CHIP_DATA(pnd)->firmware_text)) < 0) { + free(*pbuf); return NFC_ESOFT; } buf += res; if (buflen <= (size_t)res) { + free(*pbuf); return NFC_EOVFLOW; } buflen -= res; if ((res = snprintf(buf, buflen, "initator mode modulations: ")) < 0) { + free(*pbuf); return NFC_ESOFT; } buf += res; if (buflen <= (size_t)res) { + free(*pbuf); return NFC_EOVFLOW; } buflen -= res; const nfc_modulation_type *nmt; if ((res = nfc_device_get_supported_modulation(pnd, N_INITIATOR, &nmt)) < 0) { + free(*pbuf); return res; } for (int i = 0; nmt[i]; i++) { if ((res = snprintf(buf, buflen, "%s%s (", (i == 0) ? "" : ", ", str_nfc_modulation_type(nmt[i]))) < 0) { + free(*pbuf); return NFC_ESOFT; } buf += res; if (buflen <= (size_t)res) { + free(*pbuf); return NFC_EOVFLOW; } buflen -= res; const nfc_baud_rate *nbr; if ((res = nfc_device_get_supported_baud_rate(pnd, nmt[i], &nbr)) < 0) { + free(*pbuf); return res; } for (int j = 0; nbr[j]; j++) { if ((res = snprintf(buf, buflen, "%s%s", (j == 0) ? 
"" : ", ", str_nfc_baud_rate(nbr[j]))) < 0) { + free(*pbuf); return NFC_ESOFT; } buf += res; if (buflen <= (size_t)res) { + free(*pbuf); return NFC_EOVFLOW; } buflen -= res; } if ((res = snprintf(buf, buflen, ")")) < 0) { + free(*pbuf); return NFC_ESOFT; } buf += res; if (buflen <= (size_t)res) { + free(*pbuf); return NFC_EOVFLOW; } buflen -= res; } if ((res = snprintf(buf, buflen, "\n")) < 0) { + free(*pbuf); return NFC_ESOFT; } buf += res; if (buflen <= (size_t)res) { + free(*pbuf); return NFC_EOVFLOW; } buflen -= res; if ((res = snprintf(buf, buflen, "target mode modulations: ")) < 0) { + free(*pbuf); return NFC_ESOFT; } buf += res; if (buflen <= (size_t)res) { + free(*pbuf); return NFC_EOVFLOW; } buflen -= res; if ((res = nfc_device_get_supported_modulation(pnd, N_TARGET, &nmt)) < 0) { + free(*pbuf); return res; } for (int i = 0; nmt[i]; i++) { if ((res = snprintf(buf, buflen, "%s%s (", (i == 0) ? "" : ", ", str_nfc_modulation_type(nmt[i]))) < 0) { + free(*pbuf); return NFC_ESOFT; } buf += res; if (buflen <= (size_t)res) { + free(*pbuf); return NFC_EOVFLOW; } buflen -= res; const nfc_baud_rate *nbr; if ((res = nfc_device_get_supported_baud_rate(pnd, nmt[i], &nbr)) < 0) { + free(*pbuf); return res; } for (int j = 0; nbr[j]; j++) { if ((res = snprintf(buf, buflen, "%s%s", (j == 0) ? "" : ", ", str_nfc_baud_rate(nbr[j]))) < 0) { + free(*pbuf); return NFC_ESOFT; } buf += res; if (buflen <= (size_t)res) { + free(*pbuf); return NFC_EOVFLOW; } buflen -= res; } if ((res = snprintf(buf, buflen, ")")) < 0) { + free(*pbuf); return NFC_ESOFT; } buf += res; if (buflen <= (size_t)res) { + free(*pbuf); return NFC_EOVFLOW; } buflen -= res; } if ((res = snprintf(buf, buflen, "\n")) < 0) { + free(*pbuf); return NFC_ESOFT; } buf += res; if (buflen <= (size_t)res) { + free(*pbuf); return NFC_EOVFLOW; } buflen -= res; diff --git a/libnfc/nfc.c b/libnfc/nfc.c index b3ce252..4c0368d 100644 --- a/libnfc/nfc.c +++ b/libnfc/nfc.c 
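Review bot: Every error path in pn53x_get_information_about now calls `free(*pbuf)` but leaves `*pbuf` holding the freed address, so a caller that frees or reads the buffer after a negative return would touch released memory. Resetting the out-parameter on failure (`*pbuf = NULL;`) removes that hazard. With roughly thirty identical `free(*pbuf); return ...;` pairs, a single cleanup label is easier to keep correct than the repeated pair, as sketched below. The function's tail, including its successful return, lies outside this hunk, so the label position is shown only by a comment.

```c
  if ((res = snprintf(buf, buflen, "chip: %s\n", CHIP_DATA(pnd)->firmware_text)) < 0) {
    res = NFC_ESOFT;
    goto error;
  }
  buf += res;
  if (buflen <= (size_t)res) {
    res = NFC_EOVFLOW;
    goto error;
  }
  buflen -= res;
  // … unchanged: remaining snprintf / lookup steps, each failing through `goto error` …
  // … unchanged: successful return at the end of the function (outside this hunk) …
error:
  free(*pbuf);
  *pbuf = NULL; // never hand a freed pointer back to the caller
  return res;
```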
@@ -1287,6 +1287,8 @@ int
 str_nfc_target(char **buf, const nfc_target nt, bool verbose)
 {
 *buf = malloc(4096);
+ if (! *buf)
+ return NFC_ESOFT;
 (*buf)[0] = '\0';
 sprint_nfc_target(*buf, nt, verbose);
 return strlen(*buf);
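Review bot: After the new NULL check in str_nfc_target, `sprint_nfc_target(*buf, nt, verbose)` still receives the 4096-byte buffer without its capacity, so nothing visible here bounds how much the helper writes. Its body is not part of this patch, but unless it limits itself internally, a verbose description longer than the buffer would overflow the heap allocation. Passing the size down and formatting with `snprintf` inside the helper would make the limit explicit. Until then the assumption should be recorded at the allocation, e.g. `// 4096 must exceed the longest output of sprint_nfc_target()`. The function's closing lines are outside the hunk.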