From 874f391dbf13dcc84e13a494daed57539ffe2935 Mon Sep 17 00:00:00 2001
From: Chunbo Hua
Date: Thu, 15 Aug 2024 14:42:19 +0800
Subject: [PATCH] Validate memory right after malloc
The failure of malloc would make a NULL pointer. But if in this case, things like reinterpret_cast is done to some shift from the NULL point, it will return a valid pointer although its content would be Access Violation area.
Bug: 359949838
Change-Id: Ie73bca426671ee85315b96f187a6de8c955cada6
Reviewed-on: https://chromium-review.googlesource.com/c/libyuv/libyuv/+/5789885
Reviewed-by: Frank Barchard
---
 unit_test/unit_test.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/unit_test/unit_test.h b/unit_test/unit_test.h
index 99cc8d193..7440cc71c 100644
--- a/unit_test/unit_test.h
+++ b/unit_test/unit_test.h
@@ -70,9 +70,11 @@ static inline bool SizeValid(int src_width,
 }
 #define align_buffer_page_end(var, size) \
+ uint8_t* var = NULL; \
 uint8_t* var##_mem = \
 reinterpret_cast(malloc(((size) + 4095 + 63) & ~4095)); \
- uint8_t* var = reinterpret_cast( \
+ if (var##_mem) \
+ var = reinterpret_cast( \
 (intptr_t)(var##_mem + (((size) + 4095 + 63) & ~4095) - (size)) & ~63)
 #define free_aligned_buffer_page_end(var) \
@@ -80,9 +82,11 @@ static inline bool SizeValid(int src_width,
 var = NULL
 #define align_buffer_page_end_16(var, size) \
+ uint16_t* var = NULL; \
 uint8_t* var##_mem = \
 reinterpret_cast(malloc(((size)*2 + 4095 + 63) & ~4095)); \
- uint16_t* var = reinterpret_cast( \
+ if (var##_mem) \
+ var = reinterpret_cast( \
 (intptr_t)(var##_mem + (((size)*2 + 4095 + 63) & ~4095) - (size)*2) & \
 ~63)
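Review bot: `align_buffer_page_end` now ends in an unbraced `if (var##_mem) var = ...`, so an `else` written after a call site would silently bind to the macro's hidden `if`. Keeping one initialised declaration avoids that: `uint8_t* var = var##_mem ? reinterpret_cast<uint8_t*>(...) : NULL`, with the existing aligned-address expression as the middle operand. `align_buffer_page_end_16` in the second hunk has the same shape. Separately, the macro leaves `var` as NULL on allocation failure but nothing visible in this hunk fails the test, so unless call sites check it (not shown here) the first write through `var` is still a null dereference.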
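Review bot: In `align_buffer_page_end_16` the length `((size)*2 + 4095 + 63) & ~4095` is still computed in the type of `size`. If callers pass an `int` (not visible in this hunk), a large `size` overflows the signed multiply, which is undefined behaviour and can wrap to a small value, so `malloc` succeeds with a buffer shorter than `(size)*2` and the new NULL check never fires. Computing the length once in `size_t` and reusing it for both the `malloc` call and the offset, e.g. `size_t var##_len = ((size_t)(size) * 2 + 4095 + 63) & ~(size_t)4095;`, would close that gap and stop `size` being evaluated three times. `align_buffer_page_end` in the first hunk has the same pattern without the `*2`.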