From d7000845088f0d1c6a054d071703e0e016be5134 Mon Sep 17 00:00:00 2001
From: Bastian Dehn <hhaalo@arcor.de>
Date: Sat, 11 Oct 2025 12:02:52 +0200
Subject: [PATCH] fix allocate issues in handler

---
 src/kds_s2000w_handler.c | 30 ++++++++++++++++++++++++------
 src/kds_s2000w_net.c     |  2 ++
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/src/kds_s2000w_handler.c b/src/kds_s2000w_handler.c
index 3f4d11a..7b4c479 100644
--- a/src/kds_s2000w_handler.c
+++ b/src/kds_s2000w_handler.c
@@ -62,6 +62,9 @@ handler* kds_s2000w_handler_init()
 	kds_s2000w_debug_printf(ALL, "init handler");
 
 	handler* h = malloc(sizeof(handler));
+	if (h == NULL)
+		return NULL;
+
 	h->current_scanner_config = NULL;
 	h->current_scan_status = malloc(sizeof(scanstatus));
 	h->read_info = malloc(sizeof(readinfo));
@@ -144,8 +147,10 @@ void kds_s2000w_handler_open(const char* devicename, void** handle)
 		return;
 
 	handler* h = kds_s2000w_handler_init();
-	*handle = h;
+	if (h == NULL)
+		return;
 
+	*handle = h;
 	_kds_s2000w_handler_load_config(h);
 	kds_s2000w_debug_printf_version(INFO, DEVICE_NAME, MAJOR, MINOR, PATCH);
 
@@ -295,18 +300,31 @@ void kds_s2000w_handler_get_current_metadata(handler* h, metadata* params)
 		return;
 
 	image_metadata* mdata = malloc(sizeof(image_metadata));
-
-	blobdata* image = (blobdata*) h->image;
+	if (mdata == NULL)
+		return;
 	blobdata* scanner_image = malloc(sizeof(blobdata));
-	uint8_t channels = 1;
-
+	if (scanner_image == NULL) {
+		free(mdata);
+		mdata = NULL;
+		return;
+	}
+	blobdata* image = (blobdata*) h->image;
 	scanner_image->data = malloc(sizeof(char) *  image->size);
+	if (scanner_image->data == NULL) {
+		free(mdata);
+		mdata = NULL;
+		free(scanner_image);
+		scanner_image = NULL;
+		return;
+	}
+
 	scanner_image->size = image->size;
-	memcpy(scanner_image->data,  image->data,  image->size);
+	memcpy(scanner_image->data, image->data, image->size);
 	free(image->data);
 	image->data = NULL;
 	image->data = 0;
 
+	uint8_t channels = 1;
 	if (params->format == 1)
 		channels = 3;
 
diff --git a/src/kds_s2000w_net.c b/src/kds_s2000w_net.c
index 9d8b7de..9f1a849 100644
--- a/src/kds_s2000w_net.c
+++ b/src/kds_s2000w_net.c
@@ -73,6 +73,8 @@ SANE_Status sane_kds_s2000w_net_open(SANE_String_Const devicename,
 		return SANE_STATUS_INVAL;
 
 	kds_s2000w_handler_open(devicename, handle);
+	if (handle == NULL)
+		return SANE_STATUS_NO_MEM;
 
 	handler* h = (handler*) *handle;
 
-- 
2.47.3