# HG changeset patch
# User Rob Flynn <gaim@robflynn.com>
# Date 954912848 0
# Node ID bfdc427b936d0fd706a5b80188c60c8451ea5361
# Parent  66c5a24b62ec084c7b8a88993f126632c7b329b4
[gaim-migrate @ 89]
I'll save time and just post the email :-)

 Summary of changes:

  * Misc malloc/free cleanups, use g_malloc more places and
  other small stuff (e.g. lineardata not being freed in the
  error case in sound.c)

  * Misc signed/unsigned cleanups (use size_t more often)

  * read() can return -1 at any point, check return values
  more rigorously (read_rv variables used for this)

  * In can_play_audio, stat requires a pointer to an
  allocated stat_buf (the address of an automatic variable)

  * escape_text needs a buffer at least 4 times the size of
  the text being passed in (not 2 times); I can force core
  dumps with lots of newlines otherwise

  * There's a debug statement in netscape_command
  (browser.c) that was printf("Hello%d\n"); with no int for
  the %d; I threw in a getppid(), but the statement should
  probably come out eventually.

Thanks, G Sumner Hayes!

committer: Tailor Script <tailor@pidgin.im>

diff -r 66c5a24b62ec -r bfdc427b936d src/away.c
--- a/src/away.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/away.c	Wed Apr 05 05:34:08 2000 +0000
@@ -154,10 +154,11 @@
         }
 
 
-        buf2 = g_strdup(awaymessage->message);
+        buf2 = g_malloc(strlen(awaymessage->message)*4 + 1);
+	strcpy(buf2, awaymessage->message);
         escape_text(buf2);
         serv_set_away(buf2);
-        // g_free(buf2);
+        g_free(buf2);
 	gtk_widget_show(imaway);
 }
 
@@ -165,7 +166,7 @@
 {
 #ifdef USE_APPLET
 	char *awayname;
-	awayname = malloc(sizeof *awayname * (6 + strlen(a->name)));
+	awayname = g_malloc(sizeof (*awayname) * (6 + strlen(a->name)));
 	awayname[0] = '\0';
 	strcat(awayname, "away/");
 	strcat(awayname, a->name);
diff -r 66c5a24b62ec -r bfdc427b936d src/browser.c
--- a/src/browser.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/browser.c	Wed Apr 05 05:34:08 2000 +0000
@@ -76,7 +76,7 @@
         if (screen != save_screen) {
                 Display *dpy = DisplayOfScreen(screen);
                 Atom __SWM_VROOT = None;
-                int i;
+                unsigned int i;
                 Window rootReturn, parentReturn, *children;
                 unsigned int numChildren;
 
@@ -409,7 +409,7 @@
         if (!raise_p)
         {
                 char *close;
-                new_command = (char *) malloc (strlen (command) + 20);
+                new_command = g_malloc (strlen (command) + 20);
                 strcpy (new_command, command);
                 close = strrchr (new_command, ')');
                 if (close)
@@ -617,7 +617,7 @@
 			args[0] = g_strdup("netscape");
 			args[1] = NULL;
                         e = execvp(args[0], args);
-                        printf("Hello%d\n");
+                        printf("Hello%d\n", getppid());
                         
 			_exit(0);
 		} else {
diff -r 66c5a24b62ec -r bfdc427b936d src/buddy_chat.c
--- a/src/buddy_chat.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/buddy_chat.c	Wed Apr 05 05:34:08 2000 +0000
@@ -267,7 +267,7 @@
 
 static void whisper_callback(GtkWidget *widget, struct buddy_chat *b)
 {
-	char buf[BUF_LONG];
+	char buf[BUF_LEN*4];
 	char buf2[BUF_LONG];
 	GList *selected;
 	char *who;
@@ -304,7 +304,7 @@
 
 static void send_callback(GtkWidget *widget, struct buddy_chat *b)
 {
-	char buf[BUF_LONG];
+	char buf[BUF_LEN*4];
 
 	strncpy(buf, gtk_entry_get_text(GTK_ENTRY(b->entry)), sizeof(buf)/2);
 	if (!strlen(buf))
diff -r 66c5a24b62ec -r bfdc427b936d src/conversation.c
--- a/src/conversation.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/conversation.c	Wed Apr 05 05:34:08 2000 +0000
@@ -325,9 +325,8 @@
 
 static void send_callback(GtkWidget *widget, struct conversation *c)
 {
-        char buf[BUF_LONG];
+        char buf[BUF_LEN*4];
 	char *buf2;
-        char *buf3;
 	gchar *buf4;
         int hdrlen;
 
@@ -349,7 +348,6 @@
 	 * measure = 23 bytes + the length of normalize c->name */
 
 	buf2 = g_malloc(BUF_LONG);
-	buf3 = g_malloc(BUF_LONG);
 	
         hdrlen = 23 + strlen(normalize(c->name));
 
@@ -404,7 +402,6 @@
 	gtk_widget_grab_focus(c->entry);
 
         g_free(buf2);
-        g_free(buf3);
 
 }
 
diff -r 66c5a24b62ec -r bfdc427b936d src/dialogs.c
--- a/src/dialogs.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/dialogs.c	Wed Apr 05 05:34:08 2000 +0000
@@ -895,7 +895,7 @@
 		
 	save_prefs();
 
-        buf = g_malloc(strlen(current_user->user_info) * 2);
+        buf = g_malloc(strlen(current_user->user_info) * 4);
         g_snprintf(buf, strlen(current_user->user_info) * 2, "%s", current_user->user_info);
         escape_text(buf);
         serv_set_info(buf);
@@ -2158,6 +2158,7 @@
 	char *buf;
 	char *header;
 	int hdrlen;
+	int read_rv;
 	char bmagic[5];
 	struct sockaddr_in sin;
 	int rcv;
@@ -2198,6 +2199,7 @@
 	ft->fd = socket(AF_INET, SOCK_STREAM, 0);
 	
 	if (ft->fd <= -1 || connect(ft->fd, (struct sockaddr_in *)&sin, sizeof(sin))) {
+	        g_free(buf);
 		return;
 		/*cancel */
 	}
@@ -2205,7 +2207,13 @@
 	rcv = 0;
 	header = g_malloc(6);
 	while (rcv != 6) {
-		rcv += read(ft->fd, header + rcv, 6 - rcv);
+		read_rv = read(ft->fd, header + rcv, 6 - rcv);
+		if(read_rv < 0) {
+			g_free(header);
+			g_free(buf);
+			return;
+		}
+		rcv += read_rv;
 		while(gtk_events_pending())
 			gtk_main_iteration();
 	}
@@ -2221,7 +2229,13 @@
 	rcv = 0;
 
 	while (rcv != hdrlen) {
-		rcv += read(ft->fd, header + rcv, hdrlen - rcv);
+		read_rv = read(ft->fd, header + rcv, hdrlen - rcv);
+		if(read_rv < 0) {
+			g_free(header);
+			g_free(buf);
+			return;
+		}
+		rcv += read_rv;
 		while(gtk_events_pending())
 			gtk_main_iteration();
 	}
diff -r 66c5a24b62ec -r bfdc427b936d src/gnome_applet_mgr.c
--- a/src/gnome_applet_mgr.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/gnome_applet_mgr.c	Wed Apr 05 05:34:08 2000 +0000
@@ -274,7 +274,7 @@
 	while(awy) {
 		a = (struct away_message *)awy->data;
 
-		awayname = malloc(sizeof *awayname * (6 + strlen(a->name)));
+		awayname = g_malloc(sizeof *awayname * (6 + strlen(a->name)));
 		awayname[0] = '\0';
 		strcat(awayname, "away/");
 		strcat(awayname, a->name);
@@ -299,7 +299,7 @@
 	while (awy) {
 		a = (struct away_message *)awy->data;
 
-		awayname = malloc(sizeof *awayname * (6 + strlen(a->name)));
+		awayname = g_malloc(sizeof *awayname * (6 + strlen(a->name)));
 		awayname[0] = '\0';
 		strcat(awayname, "away/");
 		strcat(awayname, a->name);
diff -r 66c5a24b62ec -r bfdc427b936d src/gtkhtml.c
--- a/src/gtkhtml.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/gtkhtml.c	Wed Apr 05 05:34:08 2000 +0000
@@ -535,8 +535,9 @@
 
 	g_strdown(font_name);
 		
-	if( my_font = 
-			g_datalist_id_get_data(&font_cache, g_quark_from_string(font_name)) )	
+	if( (my_font = 
+	     g_datalist_id_get_data(&font_cache, 
+				    g_quark_from_string(font_name)) ) )	
 	{
 		return my_font;
 	}
@@ -1110,7 +1111,7 @@
 		}
 		else
 		{
-			int st,
+			size_t st,
 			  en;
 			char *str;
 			if (html->num_end > html->num_start)
@@ -1136,7 +1137,7 @@
 	{
 		GtkHtmlBit *shb,
 		 *ehb;
-		int en,
+		size_t en,
 		  st;
 		int len,
 		  nlen;
@@ -2759,8 +2760,8 @@
 	int maxwidth;
 	gint lb;
 	GList *hbits;
-	int num = 0,
-	  i,
+	size_t num = 0;
+	int i,
 	  height;
 	GtkHtmlBit *hb;
 	gint hwidth,
@@ -3679,7 +3680,7 @@
 	GtkHtmlBit *hb = NULL,
 	 *hb2 = NULL;
 	gint y;
-	gint len,
+	size_t len,
 	  len2 = 0;
 
 	undraw_cursor(html);
@@ -3848,7 +3849,7 @@
 			html->cursor_pos = 0;
 		}
 	}
-	else if (html->cursor_pos > strlen(html->cursor_hb->text))
+	else if ((unsigned) html->cursor_pos > strlen(html->cursor_hb->text))
 	{
 		if (hbits->next)
 		{
diff -r 66c5a24b62ec -r bfdc427b936d src/oscar.c
--- a/src/oscar.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/oscar.c	Wed Apr 05 05:34:08 2000 +0000
@@ -286,7 +286,6 @@
         case 0x0005: {
                 char *buf;
                 char *buf2;
-                char *first = g_malloc(64);
                 char file[1024];
                 FILE *f;
 
diff -r 66c5a24b62ec -r bfdc427b936d src/proxy.c
--- a/src/proxy.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/proxy.c	Wed Apr 05 05:34:08 2000 +0000
@@ -50,7 +50,7 @@
     size_t input_index = 0;
     size_t result_size = 80;
 
-    result = (char *) malloc (result_size);
+    result = g_malloc (result_size);
 
     while (1)
     {
@@ -61,7 +61,7 @@
 
 	if (c == EOF)
 	{
-	    free (result);
+	    g_free (result);
 
 	    /* It's end of file.  */
 	    fprintf(stderr, "end of file from  server\n");
@@ -74,7 +74,7 @@
 	while (input_index + 1 >= result_size)
 	{
 	    result_size *= 2;
-	    result = (char *) realloc (result, result_size);
+	    result = (char *) g_realloc (result, result_size);
 	}
     }
 
@@ -85,7 +85,7 @@
     result[input_index] = '\0';
 
     if (resultp == NULL)
-	free (result);
+	g_free (result);
     return input_index;
 }
 
diff -r 66c5a24b62ec -r bfdc427b936d src/server.c
--- a/src/server.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/server.c	Wed Apr 05 05:34:08 2000 +0000
@@ -108,7 +108,7 @@
         char *buf;
 
 	if (strlen(current_user->user_info)) {
-		buf = g_malloc(strlen(current_user->user_info) * 2);
+		buf = g_malloc(strlen(current_user->user_info) * 4);
 		strcpy(buf, current_user->user_info);
 		escape_text(buf);
 		serv_set_info(buf);
@@ -170,7 +170,7 @@
 		  char *city, char *state, char *country, int web)
 {
 #ifndef USE_OSCAR
-	char buf2[BUF_LEN], buf[BUF_LEN];
+	char buf2[BUF_LEN*4], buf[BUF_LEN];
 	g_snprintf(buf2, sizeof(buf2), "%s:%s:%s:%s:%s:%s:%s:%s", first,
 		   middle, last, maiden, city, state, country,
 		   (web == 1) ? "Y" : "");
@@ -577,10 +577,8 @@
                                 else
                                         g_snprintf(who, 63, CONVERSATION_TITLE, name);
                                 gtk_window_set_title(GTK_WINDOW(cv->window), who);
-                                /* no free 'who', set_title needs it.
-                                 */
-				/* Umm .. Why?? */
-				g_free(who);
+				/* was g_free(buf), but break gives us that
+				 * and freeing twice is not good --Sumner */
                                 break;
                         }
                         cnv = cnv->next;
diff -r 66c5a24b62ec -r bfdc427b936d src/sound.c
--- a/src/sound.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/sound.c	Wed Apr 05 05:34:08 2000 +0000
@@ -60,16 +60,16 @@
 
 static int can_play_audio()
 {
-	struct stat *stat_buf;
+	struct stat stat_buf;
 	uid_t user = getuid();
 	gid_t group = getgid(); 
-	if (stat("/dev/audio", stat_buf))
+	if (stat("/dev/audio", &stat_buf))
 		return 0;
-	if (user == stat_buf->st_uid && stat_buf->st_mode & S_IWUSR)
+	if (user == stat_buf.st_uid && stat_buf.st_mode & S_IWUSR)
 		return 1;
-	if (group == stat_buf->st_gid && stat_buf->st_mode & S_IWGRP)
+	if (group == stat_buf.st_gid && stat_buf.st_mode & S_IWGRP)
 		return 1;
-	if (stat_buf->st_mode & S_IWOTH)
+	if (stat_buf.st_mode & S_IWOTH)
 		return 1;
 	return 0;
 }
@@ -114,13 +114,16 @@
 {
         int fd, i;
 	esd_format_t format = ESD_BITS16 | ESD_STREAM | ESD_PLAY | ESD_MONO;
-        guint16 *lineardata = g_malloc(size * 2);
+        guint16 *lineardata;
 	
 	
         fd = esd_play_stream(format, 8012, NULL, "gaim");
 
-        if (fd < 0)
+        if (fd < 0) {
                 return 0;
+	}
+
+        lineardata = g_malloc(size * 2);
 
 	for (i=0; i<size; i++)
 		lineardata[i] = _af_ulaw2linear(data[i]);
diff -r 66c5a24b62ec -r bfdc427b936d src/toc.c
--- a/src/toc.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/toc.c	Wed Apr 05 05:34:08 2000 +0000
@@ -283,35 +283,47 @@
 }
 
 
-int wait_reply(char *buffer, int buflen)
+int wait_reply(char *buffer, size_t buflen)
 {
-        int res=6;
+        size_t res=-1;
+	int read_rv = -1;
 	struct sflap_hdr *hdr=(struct sflap_hdr *)buffer;
         char *c;
 
-        while((res = read(toc_fd, buffer, 1))) {
-		if (res < 0)
-			return res;
+	if(buflen < sizeof(struct sflap_hdr)) {
+	    do_error_dialog("Buffer too small", "Gaim - Error (internal)");
+	    return -1;
+	}
+
+        while((read_rv = read(toc_fd, buffer, 1))) {
+		if (read_rv < 0 || read_rv > 1)
+			return -1;
 		if (buffer[0] == '*')
                         break;
 
 	}
 
-	res = read(toc_fd, buffer+1, sizeof(struct sflap_hdr) - 1);
+	read_rv = read(toc_fd, buffer+1, sizeof(struct sflap_hdr) - 1);
 
-        if (res < 0)
-		return res;
+        if (read_rv < 0)
+		return read_rv;
 
-	res += 1;
+	res = read_rv + 1;
 	
         
 	sprintf(debug_buff, "Rcv: %s %s\n",print_header(buffer), "");
 	debug_print(debug_buff);
 
 
+	if(buflen < sizeof(struct sflap_hdr) + ntohs(hdr->len) + 1) {
+	    do_error_dialog("Buffer too small", "Gaim - Error (internal)");
+	    return -1;
+	}
 
         while (res < (sizeof(struct sflap_hdr) + ntohs(hdr->len))) {
-		res += read(toc_fd, buffer + res, (ntohs(hdr->len) + sizeof(struct sflap_hdr)) - res);
+		read_rv = read(toc_fd, buffer + res, (ntohs(hdr->len) + sizeof(struct sflap_hdr)) - res);
+		if(read_rv < 0) return read_rv;
+		res += read_rv;
 		while(gtk_events_pending())
 			gtk_main_iteration();
 	}
diff -r 66c5a24b62ec -r bfdc427b936d src/util.c
--- a/src/util.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/util.c	Wed Apr 05 05:34:08 2000 +0000
@@ -303,8 +303,8 @@
 
 FILE *open_log_file (struct conversation *c)
 {
-        char *buf = g_malloc(BUF_LONG);
-        char *buf2 = g_malloc(BUF_LONG);
+        char *buf;
+        char *buf2;
         char log_all_file[256];
         struct log_conversation *l;
         struct stat st;
@@ -314,9 +314,6 @@
 
         if (!(general_options & OPT_GEN_LOG_ALL)) {
 
-		g_free(buf);
-		g_free(buf2);
-
                 l = find_log_info(c->name);
                 if (!l)
                         return NULL;
@@ -335,6 +332,9 @@
                 return fd;
         }
 
+	buf = g_malloc(BUF_LONG);
+	buf2 = g_malloc(BUF_LONG);
+
         /*  Dont log yourself */
         g_snprintf(log_all_file, 256, "%s/.gaim", getenv("HOME"));
 
@@ -436,7 +436,7 @@
 {
 	char *c, *cpy;
 	int cnt=0;
-	/* Assumes you have a buffer able to cary at least BUF_LEN * 2 bytes */
+	/* Assumes you have a buffer able to cary at least BUF_LEN * 4 bytes */
 	if (strlen(msg) > BUF_LEN) {
 		fprintf(stderr, "Warning:  truncating message to 2048 bytes\n");
 		msg[2047]='\0';
@@ -479,7 +479,7 @@
                 msg[2047]='\0';
         }
 
-	woo = (char *)malloc(strlen(msg) * 2); 
+	woo = malloc(strlen(msg) * 2); 
         cpy = g_strdup(msg);
         c = cpy;
         while(*c) {
@@ -629,7 +629,7 @@
         char *t, *u;
         int x=0;
 
-        g_return_if_fail (s != NULL);
+        g_return_val_if_fail ((s != NULL), NULL);
 
         u = t = g_strdup(s);