libXtst: Changes to 'master'
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Fri Jul 26 22:34:18 UTC 2024
src/XRecord.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
New commits:
commit 4e4eb10495cc0d24b02c4cc82d86f3977f3cc95f
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sun Jul 21 10:05:36 2024 -0700
parse_reply_call_callback: avoid NULL dereference if reply is missing data
Clears up 7 -Wanalyzer-null-dereference warnings from gcc 14.1
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxtst/-/merge_requests/7>
commit 3f05df5a6c5140dc3d44f35b9fb635cca8b682c1
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sat Jul 20 17:03:59 2024 -0700
XRecordFreeState: avoid NULL dereference when called in error path
If the client_info pointer is NULL (for instance, if we decided
the number of entries would cause an integer overflow), then
don't attempt to walk it to free the entries.
Found by gcc 14.1:
XRecord.c:513:31: warning: dereference of NULL ‘0’ [CWE-476]
[-Wanalyzer-null-dereference]
513 | if (state->client_info[i]->ranges) {
| ~~~~~~~~~~~~~~~~~~^~~
[...]
| 452 | ret->client_info = client_inf;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (10) ‘client_inf’ is NULL
[...]
| 457 | XRecordFreeState(ret);
| | ^~~~~~~~~~~~~~~~~~~~~
| | |
| | (14) ...to here
| | (15) calling ‘XRecordFreeState’ from ‘XRecordGetContext’
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxtst/-/merge_requests/7>
commit eb8370d5e4cf3d68f05b679d3679f695542eddb1
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sat Jul 20 16:35:48 2024 -0700
XRecordGetContext: Avoid double free in error path
XRecordFreeState() will handle the free for us, so let it.
Found by gcc 14.1:
XRecord.c:514:31: warning: use after ‘free’ of ‘*state.client_info + i * 8’
[CWE-416] [-Wanalyzer-use-after-free]
514 | if (state->client_info[i]->ranges) {
| ~~~~~~~~~~~~~~~~~~^~~
[...]
| 455 | free(client_inf);
| | ~~~~~~~~~~~~~~~~
| | |
| | (18) freed here
Fixes: e7e04b7 ("integer overflow in XRecordGetContext() [CVE-2013-2063]")
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxtst/-/merge_requests/7>
More information about the xorg-commit
mailing list