libFS: Changes to 'master'
Alan Coopersmith
alanc at kemper.freedesktop.org
Wed Apr 17 21:20:57 PDT 2013
src/FSFontInfo.c | 235 +++++++++++++++++--------------------------------------
src/FSFtNames.c | 10 +-
src/FSGetCats.c | 7 -
src/FSListCats.c | 11 +-
src/FSListExt.c | 8 -
src/FSOpenServ.c | 29 +++---
src/FSQGlyphs.c | 19 ++--
src/FSQXExt.c | 7 -
src/FSQXInfo.c | 7 -
src/FSlibInt.c | 8 -
10 files changed, 125 insertions(+), 216 deletions(-)
New commits:
commit f6030dd569094fb29720a4bf54aec784b1edcac5
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Wed Apr 10 21:43:40 2013 -0700
Get rid of more duplication in error cleanup code in FSListFontsWithXInfo
Also get rely on free() to handle null pointers in cleanup code instead
of checking each one ourselves.
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
commit 1f260bfdcb8d83d6c21db70ad6ed0fa94e5f5abf
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Wed Apr 10 20:55:36 2013 -0700
Avoid accessing freed memory on realloc failure in FSListFontsWithXInfo
Since we realloc 5 things in a row, and then check for failure, it's
quite possible one of our old pointers is now pointing to something
completely different, so instead update the pointers as we successfully
realloc them and then jump to the normal error processing cleanup if
one fails.
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
commit 3022dfdcdac08a4950695ded9f372e845f2be008
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Wed Apr 10 19:04:22 2013 -0700
Avoid reading outside bounds when _FSReply receives an Error response
Upon receiving a response, _FSReply copies the first 8 bytes into *rep
and then looks at them to determine what type of response. If it's an
error packet, it then converts to an error struct and reads the rest,
but it was copying 16 bytes out of *rep to begin with, due to sloppy
casting. Since we immediately overwrite the second 8 bytes with the
data coming off the wire, this isn't horrible, but it really freaks out
static analysis and memory debugging tools.
Fixes parfait 1.1 warning:
Error: Buffer overrun
Read Outside Array Bounds in STD C function: Read outside array bounds in call to llvm.memcpy.p0i8.p0i8.i64. Buffer ((char*)((union fsError*)rep)) of size ??? is read at an offset of 16
size(((char*)((union fsError*)rep))) is 8, 16 is 16
at line 751 of src/FSlibInt.c in function '_FSReply'.
called at line 67 of src/FSSync.c in function 'FSSync' with rep = ((union fsReply*)&rep).
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
commit 932131874109931bb6d50acc47ac94e51a2353de
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Wed Apr 10 18:54:35 2013 -0700
Use NULL instead of 0 for null pointers
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
commit 90b9754da977cb6804da4c38711ff33db772a9ca
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Wed Apr 10 18:30:24 2013 -0700
Get rid of unnecessary casts in FSfree calls
No need to cast all other pointers to char *, since C89 free takes
any type of pointer. Casting all of them just hides errors if you
try to free something that's not really a pointer.
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
commit 2cf3ed903048758ee696d410aba6afefd1582dec
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Wed Apr 10 18:26:22 2013 -0700
Get rid of unnecessary casts in FS*alloc calls
Stop taking 64-bit size_t, truncating to 32-bit unsigned int, and then
putting into a 64-bit size_t argument to underlying *alloc call.
Also stop casting results, since in C, that just hides missing prototype
errors that can cause memory corruption when taking an implicit 32-bit
int return value and trying to make a 64-bit pointer out of it.
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
More information about the xorg-commit
mailing list