[PATCH 00/31] Various fixes based on static analysis
Erkki Seppälä
erkki.seppala at vincit.fi
Wed Jan 26 23:53:43 PST 2011
Here is a bunch of fixes based on the findings of a static code
analysis tool.
Ander Conselvan de Oliveira (6):
Double free of pointer "property_return" in call to "free"
xcms/LRGB: Fix potential resource leak.
xcms/LRGB: Add a label for freeing property_return.
Using freed pointer "prop_ret"
Variable "wd_array" goes out of scope Value "wd_array" is
overwritten in "wd_array =
(XPointer*)realloc((char*)info_list->watch_data,
(((dpy->watcher_count + 1) * 4U == 0U) ? 1U : ((dpy->watcher_count
+ 1) * 4U)))"
Using uninitialized value "conv->state" in call to function
"close_converter"
Erkki Seppälä (26):
Using freed pointer "e"
Variable "map" goes out of scope
Using uninitialized value "p->modifiers"
Variable "fs" not freed or pointed-to in function "get_prop_name"
Pointer "pBuf" returned from "fgets(buf, 256, stream)" is never used
Pointer "pBuf" returned from "fgets(buf, 256, stream)" is never used
Using uninitialized value "new"
Possible overrun of 8192 byte fixed size buffer "buffer" by copying
"ext->name" without length checking
Variable "colormap_ret" goes out of scope
Variable "missing_list" goes out of scope
Variable "colormap_ret" goes out of scope
Variable "colormap_ret" goes out of scope
Variable "colormap_ret" goes out of scope
Variable "image" goes out of scope
Variable "prop_name" not freed or pointed-to in function "strlen"
Variable "table" goes out of scope
Dereferencing possibly NULL "str" in call to function "memcpy"
(Deref assumed on the basis of 'nonnull' parameter attribute.)
Tracked variable "size" was passed to a negative sink.
Variable "entry" tracked as NULL was dereferenced.
Using uninitialized value "error.resourceID" in call to function
"_XError"
Return value of "XGetWindowProperty(im->core.display,
spec->lib_connect_wid, prop, 0L, (length + bytes_after_ret + 3UL) /
4UL, 1, 0UL, &type_ret, &format_ret, &nitems, &bytes_after_ret,
&prop_ret)" is not checked
Comparing array against NULL is not useful "&xkb->server->vmods !=
NULL"
a negative value was passed to memcpy
Cannot reach dead expression "0U" inside statement "if (1U +
(target_dir ? strl..."
Cannot reach dead expression "0U" inside statement "if (1U +
(target_dir ? strl..."
Cannot reach dead statement "return NULL;"
modules/im/ximcp/imLcLkup.c | 4 ++++
modules/im/ximcp/imRm.c | 4 ++++
modules/im/ximcp/imRmAttr.c | 7 +++++--
modules/im/ximcp/imThaiFlt.c | 5 ++++-
modules/im/ximcp/imTrX.c | 33 +++++++++++++++++++++------------
modules/lc/def/lcDefConv.c | 2 +-
modules/lc/gen/lcGenConv.c | 2 +-
src/GetProp.c | 2 +-
src/ImUtil.c | 1 +
src/KeyBind.c | 5 ++++-
src/XlibInt.c | 12 +++++++-----
src/Xrm.c | 10 +++++++++-
src/xcms/LRGB.c | 25 ++++++++++---------------
src/xcms/cmsColNm.c | 4 ++--
src/xcms/cmsProp.c | 11 ++++++-----
src/xkb/XKB.c | 2 +-
src/xkb/XKBGAlloc.c | 2 --
src/xkb/XKBList.c | 2 ++
src/xkb/XKBMisc.c | 2 +-
src/xlibi18n/XDefaultOMIF.c | 9 +++++----
src/xlibi18n/lcFile.c | 6 ++----
src/xlibi18n/lcGeneric.c | 2 +-
22 files changed, 92 insertions(+), 60 deletions(-)
More information about the xorg-devel
mailing list