[PATCH iceauth] Error out and avoid a call to malloc(0) if given a bad hex string
Alan Coopersmith
alan.coopersmith at oracle.com
Sat May 7 23:13:09 PDT 2011
On 04/28/11 12:53 AM, Jeremy Huddleston wrote:
>
> Found-by: clang static analyzer
> Signed-off-by: Jeremy Huddleston <jeremyhu at apple.com>
> ---
> process.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/process.c b/process.c
> index f51e643..56b7aaf 100644
> --- a/process.c
> +++ b/process.c
> @@ -401,8 +401,8 @@ static int cvthexkey ( /* turn hex key string into octets */
> len++;
> }
>
> - /* if odd then there was an error */
> - if ((len & 1) == 1) return -1;
> + /* if 0 or odd, then there was an error */
> + if (len == 0 || (len & 1) == 1) return -1;
>
>
> /* now we know that the input is good */
Looks like xauth needs the same fix. (iceauth is mostly a
duplicate copy of xauth.)
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Platform Engineering: X Window System
More information about the xorg-devel
mailing list