session: fixup access to uninitialized memory

The sr_packet_copy() routine could have written to an arbitrary memory
location. Make sure to allocate the space before writing to it, and
check for successful allocation before accessing the memory.

It's assumed that this error never took effect, as the routine appears
to be unused.

This was reported by clang's scan-build.

diff --git a/src/session.c b/src/session.c
index ad39ddcf54f457212637d120caaec55fa5cc4a52..0620b222b2cafa37b596d9011be2964d1320887b 100644 (file)
--- a/src/session.c
+++ b/src/session.c
@@ -1484,8 +1484,13 @@ SR_PRIV int sr_packet_copy(const struct sr_datafeed_packet *packet,
        case SR_DF_LOGIC:
                logic = packet->payload;
                logic_copy = g_malloc(sizeof(*logic_copy));
+               if (!logic_copy)
+                       return SR_ERR;
                logic_copy->length = logic->length;
                logic_copy->unitsize = logic->unitsize;
+               logic_copy->data = g_malloc(logic->length * logic->unitsize);
+               if (!logic_copy->data)
+                       return SR_ERR;
                memcpy(logic_copy->data, logic->data, logic->length * logic->unitsize);
                (*copy)->payload = logic_copy;
                break;