[PATCH:xf86-input-mouse] Avoid NULL pointer dereference in autoprobe if proto == PROT_UNSUP

Alan Coopersmith alan.coopersmith at oracle.com
Wed Nov 30 19:32:47 PST 2011


Error: Null pointer dereference (CWE 476)
   Read from null pointer 'GetProtocol(proto)'
        at line 3477 of driver/xf86-input-mouse/src/mouse.c in function 'autoProbeMouse'.
          Function 'GetProtocol' may return constant 'NULL' at line 736, called at line 3477.
          Null pointer introduced at line 736 in function 'GetProtocol'.

We already handle one of the two cases that make GetProtocol return NULL,
proto == PROTO_UNKNOWN, but not PROT_UNSUP.

[ This bug was found by the Parfait 0.4.2 bug checking tool.
  For more information see http://labs.oracle.com/projects/parfait/ ]

Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
 src/mouse.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/mouse.c b/src/mouse.c
index 5160786..1b822f0 100644
--- a/src/mouse.c
+++ b/src/mouse.c
@@ -3469,12 +3469,14 @@ autoProbeMouse(InputInfoPtr pInfo, Bool inSync, Bool lostSync)
 	case AUTOPROBE_SWITCH_PROTOCOL:
 	{
 	    MouseProtocolID proto;
+	    MouseProtocolPtr pProto;
 	    void *defaults;
 	    AP_DBG(("State SWITCH_PROTOCOL\n"));
 	    proto = mPriv->protoList[mPriv->protocolID++];
 	    if (proto == PROT_UNKNOWN) 
 		mPriv->autoState = AUTOPROBE_SWITCHSERIAL;
-	    else if (!(defaults = GetProtocol(proto)->defaults)
+	    else if (!(pProto = GetProtocol(proto))
+		       || !(defaults = pProto->defaults)
 		       || (mPriv->serialDefaultsNum == -1 
 			   && (defaults == msDefaults))
 		       || (mPriv->serialDefaultsNum != -1
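Review bot: In the new `else if` condition, when `GetProtocol(proto)` returns NULL the `||` chain short-circuits at `!(pProto = GetProtocol(proto))`, so the assignment `defaults = pProto->defaults` never runs and `defaults` is left uninitialized on the PROT_UNSUP path. The remainder of the condition and the branch body are cut off in this hunk, so it is worth confirming that nothing taken on that path reads `defaults`; declaring it as `void *defaults = NULL;` would make the path well defined either way. A short comment next to the new clause saying that GetProtocol returns NULL for PROT_UNSUP would also help the next reader. Minor: the commit message refers to `PROTO_UNKNOWN`, while the code tests `PROT_UNKNOWN`.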
-- 
1.7.3.2


