[PATCH] xfree86: parser: Fix using heap memory for driver names. (Fixes #17438)

Wed, 04 Aug 2010 23:55:32 -0700 

I also put this patch in bugzilla, in case it might help somebody in the
future.

While I'm at it, can I get some thoughts about logging this as a warning or
informational. What about deprecating this feature?

From e82132c1d1a6a182d2844ae3de30eb1409e3505c Mon Sep 17 00:00:00 2001
From: Jesse Adkins <[email protected]>
Date: Wed, 4 Aug 2010 23:39:14 -0700
Subject: [PATCH] xfree86: parser: Never use heap memory for driver names (fixes #17438)

When the parser sees the "keyboard" driver, it automatically (and
 silently) replaces it with "kbd" (from heap).
Everybody else uses malloc'd memory for the driver name, so input
 device closure assumes it can use free.
Free val.str, so this crash doesn't turn into a memory leak. Whew.

Signed-off-by: Jesse Adkins <[email protected]>
---
 hw/xfree86/parser/Input.c      |    7 +++++--
 hw/xfree86/parser/InputClass.c |    6 ++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/hw/xfree86/parser/Input.c b/hw/xfree86/parser/Input.c
index 50869d4..6fd15f6 100644
--- a/hw/xfree86/parser/Input.c
+++ b/hw/xfree86/parser/Input.c
@@ -59,6 +59,7 @@
 #include <xorg-config.h>
 #endif
 
+#include "os.h"
 #include "xf86Parser.h"
 #include "xf86tokens.h"
 #include "Configint.h"
@@ -102,8 +103,10 @@ xf86parseInputSection (void)
 		case DRIVER:
 			if (xf86getSubToken (&(ptr->inp_comment)) != STRING)
 				Error (QUOTE_MSG, "Driver");
-                        if (strcmp(val.str, "keyboard") == 0)
-                            ptr->inp_driver = "kbd";
+                        if (strcmp(val.str, "keyboard") == 0) {
+                            ptr->inp_driver = Xstrdup("kbd");
+                            free(val.str);
+                        }
                         else
 			    ptr->inp_driver = val.str;
 			break;
diff --git a/hw/xfree86/parser/InputClass.c b/hw/xfree86/parser/InputClass.c
index ce611d9..080de07 100644
--- a/hw/xfree86/parser/InputClass.c
+++ b/hw/xfree86/parser/InputClass.c
@@ -111,8 +111,10 @@ xf86parseInputClassSection(void)
         case DRIVER:
             if (xf86getSubToken(&(ptr->comment)) != STRING)
                 Error(QUOTE_MSG, "Driver");
-            if (strcmp(val.str, "keyboard") == 0)
-                ptr->driver = "kbd";
+            if (strcmp(val.str, "keyboard") == 0) {
+                ptr->driver = Xstrdup("kbd");
+                free(val.str);
+            }
             else
                 ptr->driver = val.str;
             break;
-- 
1.7.0.4


_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel

Reply via email to