From ea066aa04dd118187ca0289053bc4ca5caa0a4a8 Mon Sep 17 00:00:00 2001
fix a potential null pointer deference error convert malloc() to calloc() to have valid null pointers on error. so we can release already allocated memory Signed-off-by: Walter Harms <[email protected]> --- src/register.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 7 deletions(-) diff --git a/src/register.c b/src/register.c index 833714b..2417dd7 100644 --- a/src/register.c +++ b/src/register.c @@ -67,7 +67,9 @@ IceRegisterForProtocolSetup ( if (i <= _IceLastMajorOpcode) { - p = _IceProtocols[i - 1].orig_client = malloc (sizeof(_IcePoProtocol)); + p = _IceProtocols[i - 1].orig_client = calloc (1,sizeof(_IcePoProtocol)); + if (!p) + return (-1); opcodeRet = i; } else if (_IceLastMajorOpcode == 255 || @@ -82,7 +84,9 @@ IceRegisterForProtocolSetup ( strdup(protocolName); p = _IceProtocols[_IceLastMajorOpcode].orig_client = - malloc (sizeof (_IcePoProtocol)); + calloc (1,sizeof (_IcePoProtocol)); + if (!p) + return (-1); _IceProtocols[_IceLastMajorOpcode].accept_client = NULL; @@ -95,15 +99,20 @@ IceRegisterForProtocolSetup ( p->version_count = versionCount; p->version_recs = malloc (versionCount * sizeof (IcePoVersionRec)); + if (!p->version_recs) + goto out_of_memory; + memcpy (p->version_recs, versionRecs, versionCount * sizeof (IcePoVersionRec)); if ((p->auth_count = authCount) > 0) { p->auth_names = malloc (authCount * sizeof (char *)); - + if (!p->auth_names); + goto out_of_memory; p->auth_procs = malloc (authCount * sizeof (IcePoAuthProc)); - + if (!p->auth_names); + goto out_of_memory; for (i = 0; i < authCount; i++) { p->auth_names[i] = strdup(authNames[i]); @@ -119,6 +128,15 @@ IceRegisterForProtocolSetup ( p->io_error_proc = IOErrorProc; return (opcodeRet); + +out_of_memory: + free(p->auth_procs); + free(p->auth_names); + free(p->version_recs); + free(p->release); + free(p->vendor); + free(p); + return (-1); } @@ -163,7 +181,10 @@ IceRegisterForProtocolReply ( if (i <= _IceLastMajorOpcode) { p = _IceProtocols[i - 1].accept_client = - malloc (sizeof (_IcePaProtocol)); + calloc (1,sizeof (_IcePaProtocol)); + if (!p) + return (-1); + opcodeRet = i; } else if (_IceLastMajorOpcode == 255 || @@ -180,7 +201,9 @@ IceRegisterForProtocolReply ( _IceProtocols[_IceLastMajorOpcode].orig_client = NULL; p = _IceProtocols[_IceLastMajorOpcode].accept_client = - malloc (sizeof (_IcePaProtocol)); + calloc (1,sizeof (_IcePaProtocol)); + if (!p) + return (-1); opcodeRet = ++_IceLastMajorOpcode; } @@ -191,6 +214,9 @@ IceRegisterForProtocolReply ( p->version_count = versionCount; p->version_recs = malloc (versionCount * sizeof (IcePaVersionRec)); + if (!p->version_recs) + goto out_of_memory; + memcpy (p->version_recs, versionRecs, versionCount * sizeof (IcePaVersionRec)); @@ -200,8 +226,12 @@ IceRegisterForProtocolReply ( if ((p->auth_count = authCount) > 0) { p->auth_names = malloc (authCount * sizeof (char *)); + if (!p->auth_names); + goto out_of_memory; p->auth_procs = malloc (authCount * sizeof (IcePaAuthProc)); + if (!p->auth_names); + goto out_of_memory; for (i = 0; i < authCount; i++) { @@ -220,5 +250,14 @@ IceRegisterForProtocolReply ( p->io_error_proc = IOErrorProc; return (opcodeRet); -} +out_of_memory: + free(p->auth_procs); + free(p->auth_names); + free(p->version_recs); + free(p->release); + free(p->vendor); + free(p); + return (-1); + +} -- 2.1.4 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
