- 19 Oct, 2016 25 commits
-
-
Alan Coopersmith authored
Error: Memory leak (CWE 401) Memory leak of pointer 's' allocated with XCreateRegion() at line 387 of /export/alanc/X.Org/sx86-gcc/lib/libX11/nx-X11/lib/X11/Region.c in function 'XShrinkRegion'. 's' allocated at line 387 with XCreateRegion(). s leaks when s != 0 at line 387. Error: Memory leak (CWE 401) Memory leak of pointer 'tra' allocated with XCreateRegion() at line 1452 of /export/alanc/X.Org/sx86-gcc/lib/libX11/nx-X11/lib/X11/Region.c in function 'XXorRegion'. 'tra' allocated at line 1451 with XCreateRegion(). tra leaks when tra != 0 at line 1451. [ This bug was found by the Parfait 0.3.6 bug checking tool. For more information see http://labs.oracle.com/projects/parfait/ ] Signed-off-by:Alan Coopersmith <alan.coopersmith@oracle.com> Backported-to-NX-by:
Ulrich Sibiller <uli42@gmx.de>
-
Erkki Seppälä authored
Properly handle the return value of XGetWindowProperty by considering if after the loop as well. Using freed pointer "prop_ret" There were numerous things wrong in how this function interacted with XGetWindowProperty. None of the local variables were initialized and remained that way if the call to XGetWindowProperty returned 1 (not Succeed). That doesn't result in after_ret being initialized in which case if it happens to be 0, the loop was exited. In that case format_ret and nitems_ret were uninitialized and the function might return with success (but with uninitialized pointer in prop_ret) or XcmsFailure. As the buffer enlarging code was called only when XGetWindowProperty failed (returned not Success), after_ret would not have been initialized. It would have been initialized only if the XGetWindowProperty has returned Success earlier, but in that case the code fragment would not have been reached. This patch alters the function to return XcmsFailure if the call to XGetWindowProperty fails. Reviewed-by:
Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com> Reviewed-by:
Rami Ylimäki <rami.ylimaki@vincit.fi> Signed-off-by:
Erkki Seppälä <erkki.seppala@vincit.fi> Backported-to-NX-by:
-
Ander Conselvan de Oliveira authored
property_return was free'd before and in the case the conditional is true, the call to XcmsGetProperty failed which means that property_return wasn't set so there is no need to free it again. Double free of pointer "property_return" in call to "free" Reviewed-by:
-
Alan Coopersmith authored
We can simplify the fstat failure case now that the GetFileSize macro has been expanded inline. Signed-off-by:
Julien Cristau <jcristau@debian.org> Backported-to-NX-by:
-
Alan Coopersmith authored
Removes XrmI.h header that only contained this single macro Signed-off-by:
-
Erkki Seppälä authored
Possible overrun of 8192 byte fixed size buffer "buffer" by copying "ext->name" without length checking Reviewed-by:
-
Erkki Seppälä authored
The situation is already handled before this code. Cannot reach dead expression "0U" inside statement "if (1U + (target_dir ? strl..." Reviewed-by:
-
Ander Conselvan de Oliveira authored
info_list->watch_data was being reallocated, but the return value of the reallocation was stored only into a local variable. This might cause some funky behavior and crashes. Variable "wd_array" goes out of scope Value "wd_array" is overwritten in "wd_array = (XPointer*)realloc((char*)info_list->watch_data, (((dpy->watcher_count + 1) * 4U == 0U) ? 1U : ((dpy->watcher_count + 1) * 4U)))" Reviewed-by:
-
Ander Conselvan de Oliveira authored
The rest of the code uses goto's to free memory allocated later and prevent memory leaks, but there were several paths were property_return was free'd just before a goto. Reviewed-by:
-
Ander Conselvan de Oliveira authored
property_return was not free'd if the allocation of pRedTbl failed. Reviewed-by:
-
Erkki Seppälä authored
The NEWTABLE macro missed freeing its allocated memory on subsequent memory allocation errors. Added call to Xfree. Variable "table" goes out of scope Reviewed-by:
-
Erkki Seppälä authored
Fixed memory leak by adding Xfree for image Variable "image" goes out of scope Reviewed-by:
-
Erkki Seppälä authored
Using uninitialized value "new" Reviewed-by:
-
Erkki Seppälä authored
Pointer "pBuf" returned from "fgets(buf, 256, stream)" is never used Reviewed-by:
-
Alan Coopersmith authored
Instead of copying the value returned by get_prop_name and then releasing it, directly use the return value of get_prop_name, which allocates memory for the name. If get_prop_name returns NULL, continue on to XFreeFont to release the font before returning the NULL via the normal function return. Reviewed-by:
-
Erkki Seppälä authored
Removed superfluous comparison. Reviewed-by:
Dirk Wallenstein <halsmit@t-online.de> Signed-off-by:
-
Erkki Seppälä authored
Check entry for non-nullness before dereferencing it Reviewed-by:
-
Erkki Seppälä authored
Dereferencing possibly NULL "str" in call to function "memcpy" (Deref assumed on the basis of 'nonnull' parameter attribute.) If _XkbGetReadBufferPtr returns NULL, goto BAILOUT Reviewed-by:
-
Erkki Seppälä authored
Reordered code to first to do the comparison and then to release data Reviewed-by:
-
Pauli Nieminen authored
If we receive unsupported event closing connection triggers valgrind error. ==12017== Conditional jump or move depends on uninitialised value(s) ==12017== at 0x487D454: _XFreeDisplayStructure (OpenDis.c:607) ==12017== by 0x486857B: XCloseDisplay (ClDisplay.c:72) *snip* ==12017== Uninitialised value was created by a heap allocation ==12017== at 0x4834C48: malloc (vg_replace_malloc.c:236) ==12017== by 0x4894147: _XEnq (XlibInt.c:877) ==12017== by 0x4891BF3: handle_response (xcb_io.c:335) ==12017== by 0x4892263: _XReply (xcb_io.c:626) *snip* Problem is that XFreeDisplaySturture is checking for qelt->event.type == GenericEvent while _XUnknownWireEvent doesn't store the type. Reviewed-by:
Adam Jackson <ajax@redhat.com> Reviewed-by:
Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by:
Pauli Nieminen <ext-pauli.nieminen@nokia.com> Backported-to-NX-by:
-
Alan Coopersmith authored
One of the malloc failure checks had a goto to the wrong spot in the list of cleanup free() calls to unwind at the end, and was freeing bits that hadn't been initialized/allocated yet, since they would be stored in the struct that just failed to be allocated. Error: Null pointer dereference (CWE 476) Read from pointer that could be constant 'NULL' at line 805 of /export/alanc/X.Org/sx86/lib/libX11/nx-X11/lib/X11/LRGB.c in function 'LINEAR_RGB_InitSCCData'. Pointer checked against constant 'NULL' at line 754 but does not protect the dereference. [ This bug was found by the Parfait bug checking tool. For more information see http://research.sun.com/projects/parfait ] Signed-off-by: -
Daniel Stone authored
If we get input in the style of 0xdeadbeef, just return that exact keysym. Introduces a dependency on strtoul, which I'm told is OK on all the systems we care about. Signed-off-by:
Daniel Stone <daniel@fooishbar.org> Backported-to-NX-by:
-
Daniel Stone authored
Signed-off-by:
Keith Packard <keithp@keithp.com> Backported-to-NX-by:
-
Daniel Stone authored
Since XStringToKeysym now supports all the vendor keysyms, just delete our XKeysymDB, which was incomplete at best, misleading at worst, and always an annoyance. Signed-off-by:
-
Daniel Stone authored
Some XFree86 keysyms were in XKeysymDB as XF86_foo, despite really being XF86foo. So, if we get to the bottom of XStringToKeysym and haven't found our XF86_foo, try it again as XF86foo. Signed-off-by:
-
- 14 Oct, 2016 2 commits
-
-
Mike Gabriel authored
debian/rules: Don't use -pie -fPIE at build time for 3.5.99.2 as it causes nxagent to segfault. Investigating the reasons behind it is in process...
-
Mihai Moldovan authored
The typo didn't cause immediate problems.
-
- 13 Oct, 2016 9 commits
-
-
Mike Gabriel authored
-
Mike Gabriel authored
-
Mike Gabriel authored
debian/rules: Don't modify/create post{inst,rm} scripts during dh_makeshlibs. This avoids adding ldconfig calls to such scripts. -
Mike Gabriel authored
-
Mike Gabriel authored
-
Mike Gabriel authored
-
Ulrich Sibiller authored
-
Ulrich Sibiller authored
-
Mike Gabriel authored
Attributes GH PR #215: https://github.com/ArcticaProject/nx-libs/pull/215
-
- 12 Oct, 2016 4 commits
-
-
Julien Cristau authored
Add a couple fixups for the security patches - off-by-one in xkb - memory leak in an error path Backport from debian to NX: Ulrich Sibiller <uli42@gmx.de> -
Matthieu Herrb authored
Freeing a pointer that wasn't returned by malloc() is undefined behavior and produces an error with OpenBSD's implementation. Signed-off-by:
Matthieu Herrb <matthieu.herrb@laas.fr> Reviewed-by:
-
Alan Coopersmith authored
Various other bounds checks in the code assume this is true, so enforce it when we first get the data from the X server. Signed-off-by:
-
Alan Coopersmith authored
Prevents trying to free uninitialized pointers if we have to bail out partway through setup, such as if we receive a corrupted or incomplete connection setup block from the server. Signed-off-by:
-
