==12976==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 6 byte(s) in 1 object(s) allocated from:
    #0 0x7f510b3ac810 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a810)
    #1 0x559ca29c5035 in nxagentKeyboardProc /home/uli/work/nx/ArcticaProject/nx-libs/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c:866
    #2 0x7a29bff07  (<unknown module>)

Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x7f510b3ac810 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a810)
    #1 0x559ca29c509a in nxagentKeyboardProc /home/uli/work/nx/ArcticaProject/nx-libs/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c:870
    #2 0x7a29bff07  (<unknown module>)

Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x7f510b3ac810 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a810)
    #1 0x559ca29c507f in nxagentKeyboardProc /home/uli/work/nx/ArcticaProject/nx-libs/nx-X11/programs/Xserver/hw/nxagent/Keyboard.c:869
    #2 0x7a29bff07  (<unknown module>)

SUMMARY: AddressSanitizer: 8 byte(s) leaked in 3 allocation(s).

If compiled with -fsanitize=address this showed up when running startlxde:

==11551==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60d000018fbc at pc 0x7f270a9ed57b bp 0x7fff30ef3050 sp 0x7fff30ef2800
READ of size 204 at 0x60d000018fbc thread T0
    #0 0x7f270a9ed57a  (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xb857a)
    #1 0x559dafcd5c93 in FindGlyphRef ../../render/glyph.c:179
    #2 0x559dafcd705d in AddGlyph /work/nx-libs/nx-X11/programs/Xserver/hw/nxagent/NXglyph.c:71
    #3 0x559dafccc0ff in ProcRenderAddGlyphs ../../mi/../render/render.c:1186
    #4 0x559dafcbd5a5 in ProcRenderDispatch /work/nx-libs/nx-X11/programs/Xserver/hw/nxagent/NXrender.c:1689
    #5 0x559dafcbc4ea in Dispatch /work/nx-libs/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c:476
    #6 0x559dafc4e9b0 in main /work/nx-libs/nx-X11/programs/Xserver/dix/main.c:353
    #7 0x7f2708e1d09a in __libc_start_main ../csu/libc-start.c:308
    #8 0x559dafc4f5d9 in _start (/work/nx-libs/nx-X11/programs/Xserver/nxagent+0x6e5d9)

0x60d000018fbc is located 0 bytes to the right of 140-byte region [0x60d000018f30,0x60d000018fbc)
allocated by thread T0 here:
    #0 0x7f270aa1e330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
    #1 0x559dafcd646c in AllocateGlyph ../../render/glyph.c:348

This happens when two glyphs are compared via memcmp and the smaller
one happens to be identical to the beginning of the bigger one.

Newer render implementations use a sha1 hash instead of memcmp so this
patch will (hopefully) be obsolete once render gets updated.

==10226== 3,337 bytes in 1 blocks are definitely lost in loss record 295 of 307
==10226==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==10226==    by 0x6281DB9: strdup (strdup.c:42)
==10226==    by 0x2ABA9E: __glXClientInfo (glxcmds.c:2170)
==10226==    by 0x17CA3E: __glXDispatch (NXglxext.c:128)
==10226==    by 0x16EE77: Dispatch (NXdispatch.c:476)
==10226==    by 0x14DCE0: main (main.c:353)

There's no point in trying to free cl->* after memset(0).

This one is a bug that is found identically in xorg upstream and has
only been fixed during rework of the whole client resource freeing
stuff. So we fix it in glxext.c.

Fix these memory leaks:

==30021== 128 bytes in 1 blocks are definitely lost in loss record 230 of 302
==30021==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==30021==    by 0x2EF89C: init_visuals (xf86glx.c:390)
==30021==    by 0x2EF89C: __MESA_initVisuals (xf86glx.c:541)
==30021==    by 0x17C922: GlxInitVisuals (glxext.c:317)
==30021==    by 0x218E73: fbInitVisuals (fbcmap.c:668)
==30021==    by 0x20BEB1: fbFinishScreenInit (fbscreen.c:229)
==30021==    by 0x20C275: fbScreenInit (fbscreen.c:273)
==30021==    by 0x1E0317: nxagentOpenScreen (Screen.c:1357)
==30021==    by 0x16D848: AddScreen (dispatch.c:4171)
==30021==    by 0x1DB7FF: InitOutput (Init.c:396)
==30021==    by 0x14DB12: main (main.c:279)
==30021==
==30021== 3,072 (192 direct, 2,880 indirect) bytes in 1 blocks are definitely lost in loss record 290 of 302
==30021==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==30021==    by 0x2CCCC7: _gl_context_modes_create (glcontextmodes.c:364)
==30021==    by 0x2EF87C: init_visuals (xf86glx.c:381)
==30021==    by 0x2EF87C: __MESA_initVisuals (xf86glx.c:541)
==30021==    by 0x17C922: GlxInitVisuals (glxext.c:317)
==30021==    by 0x218E73: fbInitVisuals (fbcmap.c:668)
==30021==    by 0x20BEB1: fbFinishScreenInit (fbscreen.c:229)
==30021==    by 0x20C275: fbScreenInit (fbscreen.c:273)
==30021==    by 0x1E0317: nxagentOpenScreen (Screen.c:1357)
==30021==    by 0x16D848: AddScreen (dispatch.c:4171)
==30021==    by 0x1DB7FF: InitOutput (Init.c:396)
==30021==    by 0x14DB12: main (main.c:279)

The problem here is that GlxInitVisuals is called twice. First via
fbScreenInit and then again via nxagentInitGlxExtension. We remove the
first one to ensure the code in nxagenOpenScreen works as initially
intended.

There's an xorg upstream patch that does the same
(7d74690536b64f7b8e8036507ab7790807349c50), but it also cleans up
other stuff we do not even have in out source (yet?).

==12280== 0 bytes in 5 blocks are definitely lost in loss record 1 of 304
==12280==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==12280==    by 0x2EFC29: init_visuals (xf86glx.c:489)
==12280==    by 0x2EFC29: __MESA_initVisuals (xf86glx.c:540)
==12280==    by 0x17C902: GlxInitVisuals (glxext.c:317)
==12280==    by 0x218C03: fbInitVisuals (fbcmap.c:668)
==12280==    by 0x20BC41: fbFinishScreenInit (fbscreen.c:229)
==12280==    by 0x20C005: fbScreenInit (fbscreen.c:273)
==12280==    by 0x1E024C: nxagentOpenScreen (Screen.c:1356)
==12280==    by 0x16D828: AddScreen (dispatch.c:4171)
==12280==    by 0x1DB7DF: InitOutput (Init.c:396)
==12280==    by 0x14DB12: main (main.c:279)
==12280==
==12280== 64 bytes in 2 blocks are definitely lost in loss record 223 of 304
==12280==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==12280==    by 0x2EFA05: init_visuals (xf86glx.c:489)
==12280==    by 0x2EFA05: __MESA_initVisuals (xf86glx.c:540)
==12280==    by 0x17C902: GlxInitVisuals (glxext.c:317)
==12280==    by 0x218C03: fbInitVisuals (fbcmap.c:668)
==12280==    by 0x20BC41: fbFinishScreenInit (fbscreen.c:229)
==12280==    by 0x20C005: fbScreenInit (fbscreen.c:273)
==12280==    by 0x1E024C: nxagentOpenScreen (Screen.c:1356)
==12280==    by 0x16D828: AddScreen (dispatch.c:4171)
==12280==    by 0x1DB7DF: InitOutput (Init.c:396)
==12280==    by 0x14DB12: main (main.c:279)

Fixes these two memory leaks identified by valgrind:

==28336== 32 (8 direct, 24 indirect) bytes in 1 blocks are definitely lost in loss record 180 of 308
==28336==    at 0x48356AF: malloc (vg_replace_malloc.c:298)
==28336==    by 0x4837DE7: realloc (vg_replace_malloc.c:826)
==28336==    by 0x1AE322: AllocateDevicePrivate (privates.c:439)
==28336==    by 0x27527B: XkbSetExtension (xkbActions.c:72)
==28336==    by 0x198E9B: _RegisterPointerDevice (devices.c:361)
==28336==    by 0x1DBA35: InitInput (Init.c:440)
==28336==    by 0x14DBD6: main (main.c:303)
==28336==
==28336== 32 (8 direct, 24 indirect) bytes in 1 blocks are definitely lost in loss record 181 of 308
==28336==    at 0x48356AF: malloc (vg_replace_malloc.c:298)
==28336==    by 0x4837DE7: realloc (vg_replace_malloc.c:826)
==28336==    by 0x1AE322: AllocateDevicePrivate (privates.c:439)
==28336==    by 0x27527B: XkbSetExtension (xkbActions.c:72)
==28336==    by 0x198F1B: _RegisterKeyboardDevice (devices.c:384)
==28336==    by 0x1DBA3D: InitInput (Init.c:441)
==28336==    by 0x14DBD6: main (main.c:303)

This patch is not necessary at the current code level. But when xkb
code introduced the dev->key check Xorg upstream missed that. So we
backport it now to skip that trap when updating xkb code.

  Author: Alan Coopersmith <alan.coopersmith@sun.com>
  Date:   Mon Jan 4 18:21:54 2010 -0800

    CloseDevice: call XkbRemoveResourceClient before freeing key class struct

    XkbRemoveResourceClient() returns immediately if dev->key is NULL.
    CloseDevice calls XkbRemoveResourceClient until it removes all resources.

    If we free dev->key and NULL it before XkbRemoveResourceClient, then
    infinite loop ensues, and the server appears to hang on exit or crash.
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Keith Packard <keithp@keithp.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>

While trying to properly free memory allocated by XKB I accidently
called nxagentFreeKeyboardDeviceData twice and noticed it would cause
a segfault here. As the other pointers are also nullified after
being freed let's just do it here, too.

Fixes ArcticaProject/nx-libs#598

In nxagentOpenScreen we first initialized the RRExtension for the
screen and then replaced pScreen->CloseScreen by
nxagentCloseScreen. This resulted in RandR's RRCloseScreen (and any
other CloseScreen procedure installed by extensions) being no longer
called.

Moving RandR init after configuring pScreen->CloseScreen ensures the
correct calling cascade:

RRCloseScreen -> nxagentCloseScreen ->fbCloseScreen (called explicitly
by nxagentCloseScreen).

Which in turn will fix this memory leak:

==9688== 328 (312 direct, 16 indirect) bytes in 1 blocks are definitely lost in loss record 271 of 319
==9688==    at 0x4837B65: calloc (vg_replace_malloc.c:752)
==9688==    by 0x4ED2C6: RRScreenInit (randr.c:329)
==9688==    by 0x1F2B18: nxagentInitRandRExtension (Extensions.c:122)
==9688==    by 0x1DEAFF: nxagentOpenScreen (Screen.c:1409)
==9688==    by 0x16D7F8: AddScreen (dispatch.c:4257)
==9688==    by 0x1DA0CF: InitOutput (Init.c:397)
==9688==    by 0x14DCC2: main (main.c:280)

fixes a memory leak:

==19074== 2 bytes in 1 blocks are definitely lost in loss record 8 of 313
==19074==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==19074==    by 0x1FD83D: fbAllocatePrivates (fballpriv.c:79)
==19074==    by 0x20A666: fbSetupScreen (fbscreen.c:110)
==19074==    by 0x20A666: fbScreenInit (fbscreen.c:300)
==19074==    by 0x1DEA4C: nxagentOpenScreen (Screen.c:1356)
==19074==    by 0x16D7F8: AddScreen (dispatch.c:4257)
==19074==    by 0x1DA0CF: InitOutput (Init.c:397)
==19074==    by 0x14DCC2: main (main.c:280)

Backport of this commit:

  commit b2167015043a458e9cf93b827b43eb5b7c552ce9
  Author: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
  Date:   Sat Nov 4 23:06:27 2017 +0100

    xkb: initialize tsyms

    This fixes some “Conditional jump depends on uninitialized value(s)”
    errors spotted by valgrind.
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
Signed-off-by: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>

by adding [] around values as almost everywhere

was in inital version of 6ce9fb5f but got lost
during some rebasing/cherry-picking preceeding the pull request.

Window.c:3827:46: warning: array subscript 128 is above array bounds of ‘StoringPixmapRec *[128]’ {aka ‘struct <anonymous> *[128]’} [-Warray-bounds]
               i, (void *) nxagentBSPixmapList[i]);

format was broken, would not compile

  commit 57e872301f5e836be2efb8f952f9c9711650b447
  Author: Adam Jackson <ajax@redhat.com>
  Date:   Thu Apr 5 13:07:09 2018 -0400

    mi: Hush an almost certainly bogus warning

    In file included from ../mi/miexpose.c:83:
    ../mi/miexpose.c: In function ‘miHandleExposures’:
    ../include/regionstr.h:174:22: warning: ‘expBox.y2’ may be used uninitialized in this function [-Wmaybe-uninitialized]
         (_pReg)->extents = *(_pBox);
         ~~~~~~~~~~~~~~~~~^~~~~~~~~~
    ../mi/miexpose.c:139:12: note: ‘expBox.y2’ was declared here
         BoxRec expBox;
                ^~~~~~

    etc. It's initialized if (extents), and then only read if (extents),
    but gcc doesn't seem to figure that out. Whatever, bzero it to be
    explicit.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Keith Packard <keithp@keithp.com>

They were just aliases to already existing defines and were not used
stringently. So we had mix of aliased and non-aliased uses which is
confusing when trying to understand the code...

This was eventually replaced by nxagentAddConfiguredWindow(pWin,
CW_Map) some lines below which is just leading to the same code being
executed some time later.

(nxagentAddConfiguredWindow() will add a window to a
list. nxagentFlushConfiguredWindow() is called at certain points to
update all windows in that list in one go. "update" here means calling
XConfigureWindow() or XMapWindow() on the real display.)

NXwindow.c:265:27: warning: ‘%d’ directive writing between 1 and 11 bytes into a region of size 10 [-Wformat-overflow=]
       sprintf(artsd_port,"%d", nPort);
                           ^~
NXwindow.c:265:26: note: directive argument in the range [-2147476648, 2147483647]
       sprintf(artsd_port,"%d", nPort);
                          ^~~~
NXwindow.c:265:7: note: ‘sprintf’ output between 2 and 12 bytes into a destination of size 10
       sprintf(artsd_port,"%d", nPort);
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We are not using any alloc function that respects that variable, so
lets drop it. Backport of this commit:

  commit 0ce61e21d6d7dcca0090e319bbcdb678570f2c3f
  Author: Adam Jackson <ajax@redhat.com>
  Date:   Fri Oct 3 16:05:19 2008 -0400

    Remove the Must_have_memory hack.

    Also remove an astonishing amount of misunderstanding of how casts work.

Attributes GH PR #814: https://github.com/ArcticaProject/nx-libs/pull/814

Attributes GH PR #812: https://github.com/ArcticaProject/nx-libs/pull/812

The only left function is identical to the one in mi/miexpose.c.

We do not even know what theme this is and it is probably not relevant
nowadays.

miPaintWindow() was identical to the version in miexpose.c except
for some unitialized variable fixes. As these also should be in
upstream code we add them there (Note: Xorg never fixed this but
totally rewrote the miPaintWindow() later on.)

This allows us to totally drop our special version of miPaintWindow().

It is (functionally) identical to our code, so why have
duplicate code?

Attributes GH PR #813: https://github.com/ArcticaProject/nx-libs/pull/813