fix a potential null pointer deference error and properly dispose the affected message
Signed-off-by: Walter Harms <[email protected]> --- src/process.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/process.c b/src/process.c index a9a8d08..89f0403 100644 --- a/src/process.c +++ b/src/process.c @@ -923,6 +923,14 @@ ProcessConnectionSetup ( if ((hisAuthCount = message->authCount) > 0) { hisAuthNames = malloc (hisAuthCount * sizeof (char *)); + + if (!hisAuthNames) + { + iceConn->connection_status = IceConnectRejected; + IceDisposeCompleteMessage (iceConn, pStart); + return (0); + } + EXTRACT_LISTOF_STRING (pData, swap, hisAuthCount, hisAuthNames); } @@ -1058,6 +1066,13 @@ ProcessConnectionSetup ( iceConn->connect_to_me = setupInfo = malloc (sizeof (_IceConnectToMeInfo)); + if (!iceConn->connect_to_me) + { + iceConn->connection_status = IceConnectRejected; + IceDisposeCompleteMessage (iceConn, pStart); + return (0); + } + setupInfo->my_version_index = myVersionIndex; setupInfo->his_version_index = hisVersionIndex; setupInfo->his_vendor = vendor; @@ -1961,6 +1976,12 @@ ProcessProtocolSetup ( if ((hisAuthCount = message->authCount) > 0) { hisAuthNames = malloc (hisAuthCount * sizeof (char *)); + if (!hisAuthNames) + { + IceDisposeCompleteMessage (iceConn, pStart); + return (0); + } + EXTRACT_LISTOF_STRING (pData, swap, hisAuthCount, hisAuthNames); } @@ -2091,6 +2112,12 @@ ProcessProtocolSetup ( iceConn->protosetup_to_me = setupInfo = malloc (sizeof (_IceProtoSetupToMeInfo)); + if (!iceConn->protosetup_to_me) + { + IceDisposeCompleteMessage (iceConn, pStart); + return (0); + } + setupInfo->his_opcode = hisOpcode; setupInfo->my_opcode = myOpcode; setupInfo->my_version_index = myVersionIndex; -- 2.1.4 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
