orc/orc-check-return-value-of-vasprintf.patch

From 13ad22b4bc75feb71cefc6b9c0c9cb81ff8c73c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 5 Aug 2024 13:35:03 +0300
Subject: [PATCH] Check return value of vasprintf()

With glibc, on allocation failure it doesn't set the pointer to NULL but instead
conveniently leaves it undefined.

The BSD version is defined in a better way and sets the pointer to NULL to avoid
further footguns.

Simply abort() on allocation failure. In the other code paths where malloc() is
used, allocation failures are not checked like everywhere else in orc but it is
assumed that dereferencing a NULL pointer simply crashes the process.
Technically this is of course still undefined behaviour.

Part-of: <https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/199>
---
orc/orccompiler.c | 3 ++-
orc/orcparse.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/orc/orccompiler.c b/orc/orccompiler.c
index 617ae295..3bc7da61 100644
--- a/orc/orccompiler.c
+++ b/orc/orccompiler.c
@@ -1490,7 +1490,8 @@ orc_compiler_error_valist (OrcCompiler *compiler, const char *fmt,
if (compiler->error_msg) return;
#ifdef HAVE_VASPRINTF
- vasprintf (&s, fmt, args);
+ if (vasprintf (&s, fmt, args) < 0)
+ ORC_ASSERT (0);
#elif defined(_UCRT)
s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
vsnprintf_s (s, ORC_COMPILER_ERROR_BUFFER_SIZE, _TRUNCATE, fmt, args);
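Review bot: the new check in the HAVE_VASPRINTF branch depends on `ORC_ASSERT (0)` always terminating the process, and its definition is not visible in this hunk. If the macro can be compiled out or made non-fatal in some build configuration, execution continues with `s` undefined on glibc, which is the exact case the commit message sets out to close. Please confirm it aborts unconditionally, or call abort() directly as the message describes. A one-line comment above the check saying that glibc leaves the pointer undefined on failure would also explain why the return value is tested rather than `s == NULL`. The `_UCRT` branch just below still passes an unchecked `malloc` result to `vsnprintf_s`, so the two branches now fail differently on allocation failure. Applying the same check there would make that consistent.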
diff --git a/orc/orcparse.c b/orc/orcparse.c
index abeb9f59..aa91395e 100644
--- a/orc/orcparse.c
+++ b/orc/orcparse.c
@@ -430,7 +430,8 @@ orc_parse_add_error_valist (OrcParser *parser, const char *format, va_list args)
#ifdef HAVE_VASPRINTF
char *text = NULL;
- vasprintf (&text, format, args);
+ if (vasprintf (&text, format, args) < 0)
+ ORC_ASSERT (0);
#elif defined(_UCRT)
char text[ORC_ERROR_LENGTH] = { '\0' };
vsnprintf_s (text, ORC_ERROR_LENGTH, _TRUNCATE, format, args);
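Review bot: in the HAVE_VASPRINTF branch of orc_parse_add_error_valist, an allocation failure while formatting a parse error now takes down the whole host process through `ORC_ASSERT (0)`, while the `_UCRT` branch directly below formats into a fixed `char text[ORC_ERROR_LENGTH]` buffer with truncation and needs no allocation at all. Consider whether the vasprintf path could fall back to a bounded stack buffer on failure instead of asserting, so that an error-reporting path degrades to a truncated message rather than an abort. As a style point, the unbraced `if` with a macro as its only statement is fragile if the macro ever expands to more than one statement. Wrapping the body in braces avoids that.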
--
GitLab