On Sat, Jan 07, 2017 at 09:55:34AM -0800, Alan Coopersmith wrote:
> Reviewed-by: Alan Coopersmith <[email protected]>
> 
> Looks like this bug was introduced just after the 1.6.4 release and hasn't
> made it out into a libX11 release yet - thanks for catching it in time.
> 
>       -alan-

   663f470..c74b070  master -> master


thanks

Cheers,
   Peter

> 
> On 01/ 7/17 07:20 AM, Julien Cristau wrote:
> > 'ch' gets moved inside the allocated buffer as we're looping through
> > fonts, so keep a reference to the start of the buffer so we can pass
> > that to Xfree in the failure case.
> > 
> > Fixes: commit 20a3f99eba5001925b8b313da3accb7900eb1927 "Plug a memory leak"
> > 
> > Signed-off-by: Julien Cristau <[email protected]>
> > ---
> >  src/FontNames.c | 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> > 
> > diff --git a/src/FontNames.c b/src/FontNames.c
> > index 3e23b5f4..9ffdfd29 100644
> > --- a/src/FontNames.c
> > +++ b/src/FontNames.c
> > @@ -43,6 +43,7 @@ int *actualCount) /* RETURN */
> >      register int length;
> >      char **flist = NULL;
> >      char *ch = NULL;
> > +    char *chstart;
> >      char *chend;
> >      int count = 0;
> >      xListFontsReply rep;
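Review bot: `char *chstart;` is declared without an initializer, directly below `char *ch = NULL;`. Declaring it as `char *chstart = NULL;` would keep the two pointers consistent, and any cleanup path reached before the later `chstart = ch;` assignment would then hand NULL to Xfree rather than an indeterminate pointer.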
> > @@ -86,6 +87,7 @@ int *actualCount) /* RETURN */
> >     /*
> >      * unpack into null terminated strings.
> >      */
> > +   chstart = ch;
> >     chend = ch + (rlen + 1);
> >     length = *(unsigned char *)ch;
> >     *ch = 1; /* make sure it is non-zero for XFreeFontNames */
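Review bot: the new `chstart = ch;` line carries no comment explaining why a second pointer to the same buffer is kept, and the block comment above it only mentions unpacking. A short remark there that `ch` is advanced through the buffer while `chstart` stays at the address that must be passed to Xfree would keep a later cleanup from merging the two variables again.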
> > @@ -98,14 +100,14 @@ int *actualCount)      /* RETURN */
> >                 *ch = '\0';  /* and replace with null-termination */
> >                 count++;
> >             } else {
> > -                    Xfree(ch);
> > +                    Xfree(chstart);
> >                      Xfree(flist);
> >                      flist = NULL;
> >                      count = 0;
> >                      break;
> >             }
> >         } else {
> > -                Xfree(ch);
> > +                Xfree(chstart);
> >                  Xfree(flist);
> >                  flist = NULL;
> >                  count = 0;
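Review bot: after `Xfree(chstart);` in both failure branches only `flist` and `count` are reset, so `ch`, `chstart` and `chend` keep pointing into the freed buffer. Setting `ch = NULL;` next to `flist = NULL;` would make any later use of it fail cleanly instead of touching freed memory. The two branches also repeat the same four statements, so a single shared cleanup path would prevent them from diverging the way the free call did.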
> > 
> 
> 
> -- 
>       -Alan Coopersmith-              [email protected]
>        Oracle Solaris Engineering - http://blogs.oracle.com/alanc
> _______________________________________________
> [email protected]: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: https://lists.x.org/mailman/listinfo/xorg-devel
> 