[PATCH iceauth] Error out and avoid a call to malloc(0) if given a bad hex string
Jeremy Huddleston
jeremyhu at apple.com
Sun May 8 09:03:36 PDT 2011
Yep. Scroll up in your mail log ;)
http://cgit.freedesktop.org/xorg/app/xauth/commit/?id=5032c286df16737277c9a04e1083171ffec89000
On May 7, 2011, at 11:13 PM, Alan Coopersmith wrote:
> On 04/28/11 12:53 AM, Jeremy Huddleston wrote:
>>
>> Found-by: clang static analyzer
>> Signed-off-by: Jeremy Huddleston <jeremyhu at apple.com>
>> ---
>> process.c | 4 ++--
>> 1 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/process.c b/process.c
>> index f51e643..56b7aaf 100644
>> --- a/process.c
>> +++ b/process.c
>> @@ -401,8 +401,8 @@ static int cvthexkey ( /* turn hex key string into octets */
>> len++;
>> }
>>
>> - /* if odd then there was an error */
>> - if ((len & 1) == 1) return -1;
>> + /* if 0 or odd, then there was an error */
>> + if (len == 0 || (len & 1) == 1) return -1;
>>
>>
>> /* now we know that the input is good */
>
> Looks like xauth needs the same fix. (iceauth is mostly a
> duplicate copy of xauth.)
>
> --
> -Alan Coopersmith- alan.coopersmith at oracle.com
> Oracle Solaris Platform Engineering: X Window System
>
More information about the xorg-devel
mailing list