From 9c44ce5af253f08c3ec5bc1e1fa764c0f9dfd071 Mon Sep 17 00:00:00 2001
From: Intel A80486DX2-66
Date: Tue, 30 Jul 2024 17:38:51 +0300
Subject: [PATCH] reverse-ramdisk.c: fix memory safety
---
 c-programming/experiments/reverse-ramdisk.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/c-programming/experiments/reverse-ramdisk.c b/c-programming/experiments/reverse-ramdisk.c
index 5b2e62a..4c70482 100644
--- a/c-programming/experiments/reverse-ramdisk.c
+++ b/c-programming/experiments/reverse-ramdisk.c
@@ -112,6 +112,7 @@ int tf_alloc(size_t n, size_t type_size) {
 FILE* file = fopen(file_path, "w+b");
 if (file == NULL) {
 #endif
+ free(file_path);
 LINE_FAIL(-2);
 return -1;
 }
@@ -149,6 +150,10 @@ int tf_free(int ID) {
 DBG_PRINT("tf_free(%d)\n", ID);
 size_t index = (size_t) ID;
+ if (index >= num_temp_files) {
+ errno = EINVAL;
+ return -1;
+ }
 if (temp_files[index].locked) {
 errno = EBUSY;
@@ -170,6 +175,7 @@ int tf_free(int ID) {
 }
 free(temp_files[index].file_path);
+ temp_files[index].file_path = NULL;
 // Shift the remaining temp files in the array
 for (size_t i = index; i < num_temp_files - 1; i++)
@@ -185,6 +191,9 @@ int tf_free(int ID) {
 return -1;
 }
 temp_files = new_temp_files_ptr;
+ } else {
+ free(temp_files);
+ temp_files = NULL;
 }
 temp_files[index].locked = false;
@@ -196,6 +205,10 @@ int tf_write(int ID, size_t offset, void* src, size_t data_size) {
 DBG_PRINT("tf_write(%d, %zu, %p, %zu)\n", ID, offset, src, data_size);
 size_t index = (size_t) ID;
+ if (index >= num_temp_files) {
+ errno = EINVAL;
+ return -1;
+ }
 if (temp_files[index].locked) {
 errno = EBUSY;
@@ -266,6 +279,10 @@ int tf_read(int ID, size_t offset, void* dest, size_t data_size) {
 DBG_PRINT("tf_read(%d, %zu, %p, %zu)\n", ID, offset, dest, data_size);
 size_t index = (size_t) ID;
+ if (index >= num_temp_files) {
+ errno = EINVAL;
+ return -1;
+ }
 if (temp_files[index].locked) {
 errno = EBUSY;
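Review bot: In the tf_alloc hunk (`@@ -112,6 +112,7 @@`) the `LINE_FAIL(-2);` that follows the new `free(file_path);` keeps its old argument, whereas the tf_read hunk of this same patch changes `LINE_FAIL(-1)` to `LINE_FAIL(-2)` when it inserts one line ahead of the macro. If the argument is a line offset from the call site, as that adjustment suggests, this one should become `LINE_FAIL(-3);` so the diagnostic still names the failed open check rather than the `#endif` line. The macro definition and the rest of tf_alloc are outside the hunk, so confirm against them.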
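Review bot: The `index >= num_temp_files` guard added at the top of tf_free (and repeated in the tf_write and tf_read hunks) keeps the array access in bounds, but it cannot tell a stale ID from a live one. The shift loop further down tf_free moves every later entry one slot lower, so an ID obtained before a tf_free can pass this check and address a different file afterwards. I would say so at the guard, e.g. `/* Negative IDs wrap to a huge size_t and are rejected here; an in-range ID may still be stale once tf_free() has renumbered later entries. */`, and consider a per-entry identifier if callers keep IDs across frees. How tf_alloc issues IDs is not visible in these hunks.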
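Review bot: In the tf_free hunk at `@@ -185,6 +191,9 @@` the new `else` branch frees `temp_files` and sets it to NULL, yet the unchanged statement right after the block, `temp_files[index].locked = false;`, still writes through that pointer, which is a NULL-pointer write whenever the branch runs. On the realloc branch the same store looks out of bounds when the freed entry was the last one, assuming the array was shrunk to the new count; the condition and the realloc call are outside the hunk. After the shift the slot at `index` holds a different file anyway, so I would drop the store or guard it: `if (temp_files != NULL && index < num_temp_files) temp_files[index].locked = false;`.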
@@ -310,7 +327,8 @@ int tf_read(int ID, size_t offset, void* dest, size_t data_size) {
 fseek
 #endif
 (file, offset, SEEK_SET) == -1) {
- LINE_FAIL(-1);
+ free(src);
+ LINE_FAIL(-2);
 return -1;
 }
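Review bot: `free(src);` on the fseek failure path releases a name that the tf_read signature shown in the hunk header does not declare: its buffer parameter is `dest`, and `src` is the caller-owned parameter of tf_write. If `src` is a heap buffer allocated earlier in tf_read, which lies outside this hunk, the call is correct, but every later failure return then needs the same release; otherwise the line frees something tf_read does not own. A comment at the allocation such as `/* owned by tf_read; released on every return path */`, or a single cleanup label, would make the ownership checkable from the code.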