From 1ace8538d1cc4db594a58ea9ec355f7c6182af5e Mon Sep 17 00:00:00 2001 From: Vincent Sanders Date: Mon, 14 Mar 2016 14:19:43 +0000 Subject: Fix possible dereference of NULL The return of calloc was not being checked and could have lead to a NULL pointer dereference. This fixes coverity CID 1316337 Additionally the functions documentation comments were cleaned up. --- render/html_interaction.c | 44 ++++++++++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 14 deletions(-) (limited to 'render') diff --git a/render/html_interaction.c b/render/html_interaction.c index 764d58a23..397ce46c2 100644 --- a/render/html_interaction.c +++ b/render/html_interaction.c @@ -235,14 +235,26 @@ void html_mouse_track(struct content *c, struct browser_window *bw, html_mouse_action(c, bw, mouse, x, y); } -/** Helper for file gadgets to store their filename unencoded on the - * dom node associated with the gadget. +/** + * Helper for file gadgets to store their filename. + * + * Stores the filename unencoded on the dom node associated with the + * gadget. * * \todo Get rid of this crap eventually + * + * \param operation DOM operation + * \param key DOM node key being considerd + * \param _data The data assocated with the key + * \param src The source DOM node. + * \param dst The destination DOM node. */ -static void html__image_coords_dom_user_data_handler(dom_node_operation operation, - dom_string *key, void *_data, struct dom_node *src, - struct dom_node *dst) +static void +html__image_coords_dom_user_data_handler(dom_node_operation operation, + dom_string *key, + void *_data, + struct dom_node *src, + struct dom_node *dst) { struct image_input_coords *oldcoords, *coords = _data, *newcoords; 
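Review bot: The rewritten doc comment above `html__image_coords_dom_user_data_handler` still describes file gadgets and filenames, but the declaration on the hunk's last lines (`struct image_input_coords *oldcoords, *coords = _data, *newcoords;`) shows the handler works on image-input coordinates, so the text looks copied from another handler. I would replace the summary with something like `Helper for image inputs: DOM user-data handler for the coordinates stored on the node.` The `\param _data` line should say that the pointer is heap-allocated and owned by the node, since the handler frees it on DOM_NODE_DELETED. The new `\param` lines also contain two typos, "considerd" and "assocated". The function body continues past the end of this hunk.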
@@ -254,23 +266,27 @@ static void html__image_coords_dom_user_data_handler(dom_node_operation operatio switch (operation) { case DOM_NODE_CLONED: newcoords = calloc(1, sizeof(*newcoords)); - *newcoords = *coords; - if (dom_node_set_user_data(dst, - corestring_dom___ns_key_image_coords_node_data, - newcoords, html__image_coords_dom_user_data_handler, - &oldcoords) == DOM_NO_ERR) { - free(oldcoords); + if (newcoords != NULL) { + *newcoords = *coords; + if (dom_node_set_user_data(dst, + corestring_dom___ns_key_image_coords_node_data, + newcoords, + html__image_coords_dom_user_data_handler, + &oldcoords) == DOM_NO_ERR) { + free(oldcoords); + } } break; + case DOM_NODE_DELETED: + free(coords); + break; + case DOM_NODE_RENAMED: case DOM_NODE_IMPORTED: case DOM_NODE_ADOPTED: break; - case DOM_NODE_DELETED: - free(coords); - break; default: LOG("User data operation not handled."); assert(0); -- cgit v1.2.3
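Review bot: In the DOM_NODE_CLONED branch, `newcoords` is leaked whenever `dom_node_set_user_data` returns something other than DOM_NO_ERR, because the copy has been allocated and filled but `dst` never takes ownership of it. Adding `else { free(newcoords); }` to the inner `if` closes that path. The calloc-failure path now falls through to `break` silently, so a clone made under memory pressure ends up with no coordinates attached and nothing recorded. A `LOG(...)` call there, like the one in the `default` case, would make that diagnosable. The function starts before this hunk and ends after it.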