diff --git a/main/ast_expr2.c b/main/ast_expr2.c
index c700b01d73f339b3cdada430c913bd13265ac72a..b914598ec828235363392e2b49f33b5d14345fb9 100644
--- a/main/ast_expr2.c
+++ b/main/ast_expr2.c
@@ -3669,13 +3669,20 @@ op_tildetilde (struct val *a, struct val *b)
/* strip double quotes from both -- */
strip_quotes(a);
strip_quotes(b);
-
+
vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
+ if (vs == NULL) {
+ ast_log(LOG_WARNING, "malloc() failed\n");
+ return NULL;
+ }
+
strcpy(vs,a->u.s);
strcat(vs,b->u.s);
v = make_str(vs);
+ free(vs);
+
/* free arguments */
free_value(a);
free_value(b);
diff --git a/main/ast_expr2.y b/main/ast_expr2.y
index df87bcc7f6bc001641bc9a3a62c18e859d178bdb..29fee35cf6c0036afdfd5eccc1115abd4e3637a5 100644
--- a/main/ast_expr2.y
+++ b/main/ast_expr2.y
@@ -1662,13 +1662,20 @@ op_tildetilde (struct val *a, struct val *b)
/* strip double quotes from both -- */
strip_quotes(a);
strip_quotes(b);
-
+
vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
+ if (vs == NULL) {
+ ast_log(LOG_WARNING, "malloc() failed\n");
+ return NULL;
+ }
+
strcpy(vs,a->u.s);
strcat(vs,b->u.s);
v = make_str(vs);
+ free(vs);
+
/* free arguments */
free_value(a);
free_value(b);
diff --git a/main/say.c b/main/say.c
index 6e51de20143412751642e4771d5a3a34a7703dc8..e4e3743299e2a969ece7af0ad2329c0c4f834b76 100644
--- a/main/say.c
+++ b/main/say.c
@@ -8521,9 +8521,9 @@ int ast_say_date_with_format_ja(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
- sndoffset=0;
- for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < 256) ; sndoffset++)
+ for (sndoffset = 0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
+ }
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;
diff --git a/res/ael/pval.c b/res/ael/pval.c
index d5ea5accf03f9e9875180c45ad3506e54522fda5..ce9458c06dddb502cb49eca7d3ad37b45b73c03d 100644
--- a/res/ael/pval.c
+++ b/res/ael/pval.c
@@ -3356,9 +3356,9 @@ static int gen_prios(struct ael_extension *exten, char *label, pval *statement,
#ifdef OLD_RAND_ACTION
struct ael_priority *rand_test, *rand_end, *rand_skip;
#endif
- char *buf1;
- char *buf2;
- char *new_label;
+ RAII_VAR(char *, buf1, NULL, free);
+ RAII_VAR(char *, buf2, NULL, free);
+ RAII_VAR(char *, new_label, NULL, free);
char *strp, *strp2;
int default_exists;
int local_control_statement_count;
@@ -4192,9 +4192,6 @@ static int gen_prios(struct ael_extension *exten, char *label, pval *statement,
break;
}
}
- free(buf1);
- free(buf2);
- free(new_label);
return 0;
}
@@ -5053,7 +5050,10 @@ int pvalCheckType( pval *p, char *funcname, pvaltype type )
pval *pvalCreateNode( pvaltype type )
{
pval *p = calloc(1,sizeof(pval)); /* why, oh why, don't I use ast_calloc? Way, way, way too messy if I do! */
- p->type = type; /* remember, this can be used externally or internally to asterisk */
+ /* remember, this can be used externally or internally to asterisk */
+ if (p) {
+ p->type = type;
+ }
return p;
}
@@ -5414,14 +5414,30 @@ void pvalIncludesAddInclude( pval *p, const char *include )
void pvalIncludesAddIncludeWithTimeConstraints( pval *p, const char *include, char *hour_range, char *dom_range, char *dow_range, char *month_range )
{
- pval *hr = pvalCreateNode(PV_WORD);
- pval *dom = pvalCreateNode(PV_WORD);
- pval *dow = pvalCreateNode(PV_WORD);
- pval *mon = pvalCreateNode(PV_WORD);
- pval *s = pvalCreateNode(PV_WORD);
-
- if (!pvalCheckType(p, "pvalIncludeAddIncludeWithTimeConstraints", PV_INCLUDES))
+ pval *hr;
+ pval *dom;
+ pval *dow;
+ pval *mon;
+ pval *s;
+
+ if (!pvalCheckType(p, "pvalIncludeAddIncludeWithTimeConstraints", PV_INCLUDES)) {
+ return;
+ }
+
+ hr = pvalCreateNode(PV_WORD);
+ dom = pvalCreateNode(PV_WORD);
+ dow = pvalCreateNode(PV_WORD);
+ mon = pvalCreateNode(PV_WORD);
+ s = pvalCreateNode(PV_WORD);
+
+ if (!hr || !dom || !dow || !mon || !s) {
+ destroy_pval(hr);
+ destroy_pval(dom);
+ destroy_pval(dow);
+ destroy_pval(mon);
+ destroy_pval(s);
return;
+ }
s->u1.str = (char *)include;
p->u1.list = linku1(p->u1.list, s);
@@ -5668,12 +5684,28 @@ char* pvalIfGetCondition( pval *p )
void pvalIfTimeSetCondition( pval *p, char *hour_range, char *dow_range, char *dom_range, char *mon_range ) /* time range format: 24-hour format begin-end|dow range|dom range|month range */
{
- pval *hr = pvalCreateNode(PV_WORD);
- pval *dow = pvalCreateNode(PV_WORD);
- pval *dom = pvalCreateNode(PV_WORD);
- pval *mon = pvalCreateNode(PV_WORD);
- if (!pvalCheckType(p, "pvalIfTimeSetCondition", PV_IFTIME))
+ pval *hr;
+ pval *dow;
+ pval *dom;
+ pval *mon;
+
+ if (!pvalCheckType(p, "pvalIfTimeSetCondition", PV_IFTIME)) {
return;
+ }
+
+ hr = pvalCreateNode(PV_WORD);
+ dow = pvalCreateNode(PV_WORD);
+ dom = pvalCreateNode(PV_WORD);
+ mon = pvalCreateNode(PV_WORD);
+
+ if (!hr || !dom || !dow || !mon) {
+ destroy_pval(hr);
+ destroy_pval(dom);
+ destroy_pval(dow);
+ destroy_pval(mon);
+ return;
+ }
+
pvalWordSetString(hr, hour_range);
pvalWordSetString(dow, dow_range);
pvalWordSetString(dom, dom_range);
diff --git a/res/res_phoneprov.c b/res/res_phoneprov.c
index b448c8e0bb84adb7e259ad7b3d402791717a991e..2e4f87362354a4780533c78ec5dc1e1e43af4b9d 100644
--- a/res/res_phoneprov.c
+++ b/res/res_phoneprov.c
@@ -410,10 +410,13 @@ static int load_file(const char *filename, char **ret)
fseek(f, 0, SEEK_END);
len = ftell(f);
fseek(f, 0, SEEK_SET);
- if (!(*ret = ast_malloc(len + 1)))
+ if (!(*ret = ast_malloc(len + 1))) {
+ fclose(f);
return -2;
+ }
if (len != fread(*ret, sizeof(char), len, f)) {
+ fclose(f);
ast_free(*ret);
*ret = NULL;
return -3;
diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index 08e80a38c2f73fc5b42ad24ab583775bd65d802b..048209ce11f6f883544a971325f5d32dd24bbcbb 100644
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -429,7 +429,7 @@ static pjmedia_sdp_attr* generate_fmtp_attr(pj_pool_t *pool, struct ast_format *
*++tmp = '\0';
/* ast...generate gives us everything, just need value */
tmp = strchr(ast_str_buffer(fmtp0), ':');
- if (tmp && tmp + 1) {
+ if (tmp && tmp[1] != '\0') {
fmtp1 = pj_str(tmp + 1);
} else {
fmtp1 = pj_str(ast_str_buffer(fmtp0));