Check more mallocs

This is just a start and gets most easy ones.

6 files changed, 84 insertions, 16 deletions

diff --git a/libass/ass.c b/libass/ass.c
index 63c31a6..80f4e7a 100644
--- a/libass/ass.c
+++ b/libass/ass.c
@@ -669,6 +669,8 @@ static int decode_font(ASS_Track *track)
         goto error_decode_font;
     }
     buf = malloc(size / 4 * 3 + 2);
+    if (!buf)
+        goto error_decode_font;
     q = buf;
     for (i = 0, p = (unsigned char *) track->parser_priv->fontdata;
          i < size / 4; i++, p += 4) {
@@ -818,6 +820,8 @@ static int process_text(ASS_Track *track, char *str)
 void ass_process_data(ASS_Track *track, char *data, int size)
 {
     char *str = malloc(size + 1);
+    if (!str)
+        return;
 
     memcpy(str, data, size);
     str[size] = '\0';
@@ -878,6 +882,8 @@ void ass_process_chunk(ASS_Track *track, char *data, int size,
     }
 
     str = malloc(size + 1);
+    if (!str)
+        return;
     memcpy(str, data, size);
     str[size] = '\0';
     ass_msg(track->library, MSGL_V, "Event at %" PRId64 ", +%" PRId64 ": %s",
@@ -964,6 +970,9 @@ static char *sub_recode(ASS_Library *library, char *data, size_t size,
 #endif
     }
 
+    if (icdsc == (iconv_t) (-1))
+        return NULL;
+
     {
         size_t osize = size;
         size_t ileft = size;
@@ -974,6 +983,8 @@ static char *sub_recode(ASS_Library *library, char *data, size_t size,
         int clear = 0;
 
         outbuf = malloc(osize);
+        if (!outbuf)
+            goto out;
         ip = data;
         op = outbuf;
 
@@ -987,7 +998,12 @@ static char *sub_recode(ASS_Library *library, char *data, size_t size,
             if (rc == (size_t) (-1)) {
                 if (errno == E2BIG) {
                     size_t offset = op - outbuf;
-                    outbuf = (char *) realloc(outbuf, osize + size);
+                    char *nbuf = realloc(outbuf, osize + size);
+                    if (!nbuf) {
+                        free(outbuf);
+                        outbuf = 0;
+                        goto out;
+                    }
                     op = outbuf + offset;
                     osize += size;
                     oleft += size;
@@ -1046,7 +1062,11 @@ static char *read_file(ASS_Library *library, char *fname, size_t *bufsize)
 
     ass_msg(library, MSGL_V, "File size: %ld", sz);
 
-    buf = malloc(sz + 1);
+    buf = sz < SIZE_MAX ? malloc(sz + 1) : NULL;
+    if (!buf) {
+        fclose(fp);
+        return NULL;
+    }
     assert(buf);
     bytes_read = 0;
     do {
@@ -1271,9 +1291,15 @@ long long ass_step_sub(ASS_Track *track, long long now, int movement)
 ASS_Track *ass_new_track(ASS_Library *library)
 {
     ASS_Track *track = calloc(1, sizeof(ASS_Track));
+    if (!track)
+        return NULL;
     track->library = library;
     track->ScaledBorderAndShadow = 1;
     track->parser_priv = calloc(1, sizeof(ASS_ParserPriv));
+    if (!track->parser_priv) {
+        free(track);
+        return NULL;
+    }
     return track;
 }
 
diff --git a/libass/ass_bitmap.c b/libass/ass_bitmap.c
index 6de70f0..c7a9fb5 100644
--- a/libass/ass_bitmap.c
+++ b/libass/ass_bitmap.c
@@ -113,7 +113,8 @@ void resize_tmp(ASS_SynthPriv *priv, int w, int h)
 ASS_SynthPriv *ass_synth_init(double radius)
 {
     ASS_SynthPriv *priv = calloc(1, sizeof(ASS_SynthPriv));
-    generate_tables(priv, radius);
+    if (priv)
+        generate_tables(priv, radius);
     return priv;
 }
 
diff --git a/libass/ass_cache.c b/libass/ass_cache.c
index e5e77fc..a0a00b3 100644
--- a/libass/ass_cache.c
+++ b/libass/ass_cache.c
@@ -237,6 +237,8 @@ Cache *ass_cache_create(HashFunction hash_func, HashCompare compare_func,
                         size_t key_size, size_t value_size)
 {
     Cache *cache = calloc(1, sizeof(*cache));
+    if (!cache)
+        return NULL;
     cache->buckets = 0xFFFF;
     cache->hash_func = hash_simple;
     cache->compare_func = compare_simple;
@@ -251,6 +253,10 @@ Cache *ass_cache_create(HashFunction hash_func, HashCompare compare_func,
     cache->key_size = key_size;
     cache->value_size = value_size;
     cache->map = calloc(cache->buckets, sizeof(CacheItem *));
+    if (!cache->map) {
+        free(cache);
+        return NULL;
+    }
 
     return cache;
 }
@@ -261,8 +267,16 @@ void *ass_cache_put(Cache *cache, void *key, void *value)
     CacheItem **bucketptr = &cache->map[bucket];
 
     CacheItem *item = calloc(1, sizeof(CacheItem));
+    if (!item)
+        return NULL;
     item->key = malloc(cache->key_size);
     item->value = malloc(cache->value_size);
+    if (!item->key || !item->value) {
+        free(item->key);
+        free(item->value);
+        free(item);
+        return NULL;
+    }
     memcpy(item->key, key, cache->key_size);
     memcpy(item->value, value, cache->value_size);
 
diff --git a/libass/ass_drawing.c b/libass/ass_drawing.c
index f94d0e4..cc847af 100644
--- a/libass/ass_drawing.c
+++ b/libass/ass_drawing.c
@@ -342,6 +342,8 @@ ASS_Drawing *ass_drawing_new(ASS_Library *lib, FT_Library ftlib)
     ASS_Drawing *drawing;
 
     drawing = calloc(1, sizeof(*drawing));
+    if (!drawing)
+        return NULL;
     drawing->cbox.xMin = drawing->cbox.yMin = INT_MAX;
     drawing->cbox.xMax = drawing->cbox.yMax = INT_MIN;
     drawing->ftlibrary = ftlib;
diff --git a/libass/ass_fontconfig.c b/libass/ass_fontconfig.c
index dcb0bcf..fc564cc 100644
--- a/libass/ass_fontconfig.c
+++ b/libass/ass_fontconfig.c
@@ -160,6 +160,8 @@ static char *select_font(ASS_Library *library, FCInstance *priv,
         family_cnt = 1;
         {
             char *s = strdup(family);
+            if (!s)
+                goto error;
             char *p = s + strlen(s);
             while (--p > s)
                 if (*p == ' ' || *p == '-') {
@@ -246,6 +248,8 @@ static char *select_font(ASS_Library *library, FCInstance *priv,
     if (result != FcResultMatch)
         goto error;
     retval = strdup((const char *) r_file);
+    if (!retval)
+        goto error;
 
     result = FcPatternGetString(rpat, FC_FAMILY, 0, &r_family);
     if (result != FcResultMatch)
@@ -344,9 +348,10 @@ char *fontconfig_select(ASS_Library *library, FCInstance *priv,
     if (!res && priv->path_default) {
         res = strdup(priv->path_default);
         *index = priv->index_default;
-        ass_msg(library, MSGL_WARN, "fontconfig_select: Using default font: "
-                "(%s, %d, %d) -> %s, %d", family, bold, italic,
-                res, *index);
+        if (res)
+            ass_msg(library, MSGL_WARN, "fontconfig_select: Using default font: "
+                    "(%s, %d, %d) -> %s, %d", family, bold, italic,
+                    res, *index);
     }
     if (!res) {
         res = select_font(library, priv, "Arial", 0, bold, italic,
@@ -444,6 +449,9 @@ FCInstance *fontconfig_init(ASS_Library *library,
     const char *dir = library->fonts_dir;
     int i;
 
+    if (!priv)
+        return NULL;
+
     if (!fc) {
         ass_msg(library, MSGL_WARN,
                "Fontconfig disabled, only default font will be used.");
@@ -518,6 +526,8 @@ FCInstance *fontconfig_init(ASS_Library *library,
         "Fontconfig disabled, only default font will be used.");
 
     priv = calloc(1, sizeof(FCInstance));
+    if (!priv)
+        return NULL;
 
     priv->path_default = path ? strdup(path) : 0;
     priv->index_default = 0;
diff --git a/libass/ass_library.c b/libass/ass_library.c
index b33ca55..5b7a5c9 100644
--- a/libass/ass_library.c
+++ b/libass/ass_library.c
@@ -40,8 +40,8 @@ static void ass_msg_handler(int level, const char *fmt, va_list va, void *data)
 ASS_Library *ass_library_init(void)
 {
     ASS_Library* lib = calloc(1, sizeof(*lib));
-    lib->msg_callback = ass_msg_handler;
-
+    if (lib)
+        lib->msg_callback = ass_msg_handler;
     return lib;
 }
 
@@ -86,16 +86,22 @@ void ass_set_style_overrides(ASS_Library *priv, char **list)
     for (p = list, cnt = 0; *p; ++p, ++cnt) {
     }
 
-    priv->style_overrides = malloc((cnt + 1) * sizeof(char *));
+    priv->style_overrides = calloc(cnt + 1, sizeof(char *));
+    if (!priv->style_overrides)
+        return;
     for (p = list, q = priv->style_overrides; *p; ++p, ++q)
         *q = strdup(*p);
-    priv->style_overrides[cnt] = NULL;
 }
 
-static void grow_array(void **array, int nelem, size_t elsize)
+static int grow_array(void **array, int nelem, size_t elsize)
 {
-    if (!(nelem & 31))
-        *array = realloc(*array, (nelem + 32) * elsize);
+    if (!(nelem & 31)) {
+        void *ptr = realloc(*array, (nelem + 32) * elsize);
+        if (!ptr)
+            return 0;
+        *array = ptr;
+    }
+    return 1;
 }
 
 void ass_add_font(ASS_Library *priv, char *name, char *data, int size)
@@ -103,17 +109,26 @@ void ass_add_font(ASS_Library *priv, char *name, char *data, int size)
     int idx = priv->num_fontdata;
     if (!name || !data || !size)
         return;
-    grow_array((void **) &priv->fontdata, priv->num_fontdata,
-               sizeof(*priv->fontdata));
+    if (!grow_array((void **) &priv->fontdata, priv->num_fontdata,
+                    sizeof(*priv->fontdata)))
+        return;
 
     priv->fontdata[idx].name = strdup(name);
-
     priv->fontdata[idx].data = malloc(size);
+
+    if (!priv->fontdata[idx].name || !priv->fontdata[idx].data)
+        goto error;
+
     memcpy(priv->fontdata[idx].data, data, size);
 
     priv->fontdata[idx].size = size;
 
     priv->num_fontdata++;
+    return;
+
+error:
+    free(priv->fontdata[idx].name);
+    free(priv->fontdata[idx].data);
 }
 
 void ass_clear_fonts(ASS_Library *priv)