[PATCH 00/31] Various fixes based on static analysis

Erkki Seppälä erkki.seppala at vincit.fi
Wed Jan 26 23:53:43 PST 2011


Here is a bunch of fixes based on the findings of a static code
analysis tool.

Ander Conselvan de Oliveira (6):
  Double free of pointer "property_return" in call to "free"
  xcms/LRGB: Fix potential resource leak.
  xcms/LRGB: Add a label for freeing property_return.
  Using freed pointer "prop_ret"
  Variable "wd_array" goes out of scope     Value "wd_array" is
    overwritten in "wd_array =
    (XPointer*)realloc((char*)info_list->watch_data,
    (((dpy->watcher_count + 1) * 4U == 0U) ? 1U : ((dpy->watcher_count
    + 1) * 4U)))"
  Using uninitialized value "conv->state" in call to function
    "close_converter"

Erkki Seppälä (26):
  Using freed pointer "e"
  Variable "map" goes out of scope
  Using uninitialized value "p->modifiers"
  Variable "fs" not freed or pointed-to in function "get_prop_name"
  Pointer "pBuf" returned from "fgets(buf, 256, stream)" is never used
  Pointer "pBuf" returned from "fgets(buf, 256, stream)" is never used
  Using uninitialized value "new"
  Possible overrun of 8192 byte fixed size buffer "buffer" by copying
    "ext->name" without length checking
  Variable "colormap_ret" goes out of scope
  Variable "missing_list" goes out of scope
  Variable "colormap_ret" goes out of scope
  Variable "colormap_ret" goes out of scope
  Variable "colormap_ret" goes out of scope
  Variable "image" goes out of scope
  Variable "prop_name" not freed or pointed-to in function "strlen"
  Variable "table" goes out of scope
  Dereferencing possibly NULL "str" in call to function "memcpy" 
    (Deref assumed on the basis of 'nonnull' parameter attribute.)
  Tracked variable "size" was passed to a negative sink.
  Variable "entry" tracked as NULL was dereferenced.
  Using uninitialized value "error.resourceID" in call to function
    "_XError"
  Return value of "XGetWindowProperty(im->core.display,
    spec->lib_connect_wid, prop, 0L, (length + bytes_after_ret + 3UL) /
    4UL, 1, 0UL, &type_ret, &format_ret, &nitems, &bytes_after_ret,
    &prop_ret)" is not checked
  Comparing array against NULL is not useful "&xkb->server->vmods !=
    NULL"
  a negative value was passed to memcpy
  Cannot reach dead expression "0U" inside statement "if (1U +
    (target_dir ? strl..."
  Cannot reach dead expression "0U" inside statement "if (1U +
    (target_dir ? strl..."
  Cannot reach dead statement "return NULL;"

 modules/im/ximcp/imLcLkup.c  |    4 ++++
 modules/im/ximcp/imRm.c      |    4 ++++
 modules/im/ximcp/imRmAttr.c  |    7 +++++--
 modules/im/ximcp/imThaiFlt.c |    5 ++++-
 modules/im/ximcp/imTrX.c     |   33 +++++++++++++++++++++------------
 modules/lc/def/lcDefConv.c   |    2 +-
 modules/lc/gen/lcGenConv.c   |    2 +-
 src/GetProp.c                |    2 +-
 src/ImUtil.c                 |    1 +
 src/KeyBind.c                |    5 ++++-
 src/XlibInt.c                |   12 +++++++-----
 src/Xrm.c                    |   10 +++++++++-
 src/xcms/LRGB.c              |   25 ++++++++++---------------
 src/xcms/cmsColNm.c          |    4 ++--
 src/xcms/cmsProp.c           |   11 ++++++-----
 src/xkb/XKB.c                |    2 +-
 src/xkb/XKBGAlloc.c          |    2 --
 src/xkb/XKBList.c            |    2 ++
 src/xkb/XKBMisc.c            |    2 +-
 src/xlibi18n/XDefaultOMIF.c  |    9 +++++----
 src/xlibi18n/lcFile.c        |    6 ++----
 src/xlibi18n/lcGeneric.c     |    2 +-
 22 files changed, 92 insertions(+), 60 deletions(-)



More information about the xorg-devel mailing list