[PATCH:libX11] LINEAR_RGB_InitSCCData: When malloc fails, don't try to free unallocated bits
Alan Coopersmith
alan.coopersmith at oracle.com
Fri Jun 4 13:24:39 PDT 2010
One of the malloc failure checks had a goto to the wrong spot in the
list of cleanup free() calls to unwind at the end, and was freeing
bits that hadn't been initialized/allocated yet, since they would be
stored in the struct that just failed to be allocated.
Error: Null pointer dereference (CWE 476)
Read from pointer that could be constant 'NULL'
at line 805 of /export/alanc/X.Org/sx86/lib/libX11/src/xcms/LRGB.c in function 'LINEAR_RGB_InitSCCData'.
Pointer checked against constant 'NULL' at line 754 but does not protect the dereference.
[ This bug was found by the Parfait bug checking tool.
For more information see http://research.sun.com/projects/parfait ]
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
src/xcms/LRGB.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/xcms/LRGB.c b/src/xcms/LRGB.c
index 4e9f029..2f7a4cc 100644
--- a/src/xcms/LRGB.c
+++ b/src/xcms/LRGB.c
@@ -753,7 +753,7 @@ LINEAR_RGB_InitSCCData(
/* Blue Intensity Table */
if (!(pScreenData->pBlueTbl = (IntensityTbl *)
Xcalloc (1, sizeof(IntensityTbl)))) {
- goto FreeBlueTblElements;
+ goto FreeGreenTblElements;
}
if (_XcmsGetTableType1(pScreenData->pBlueTbl, format_return, &pChar,
&nitems) == XcmsFailure) {
--
1.5.6.5
More information about the xorg-devel
mailing list