[PATCH] kdrive: check for null memory, fix OOB

Peter Hutterer peter.hutterer at who-t.net
Mon Oct 24 19:59:27 PDT 2011


If key/value allocation failed, don't bother adding another InputOption. And
make sure the memory allocated is large enough for the trailing \0

Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
 hw/kdrive/src/kinput.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/hw/kdrive/src/kinput.c b/hw/kdrive/src/kinput.c
index a1bbcaa..6a1ce49 100644
--- a/hw/kdrive/src/kinput.c
+++ b/hw/kdrive/src/kinput.c
@@ -1049,10 +1049,15 @@ KdGetOptions (InputOption **options, char *string)
     if (strchr(string, '='))
     {
         tam_key = (strchr(string, '=') - string);
-        key = malloc(tam_key);
+        key = malloc(tam_key + 1);
+        if (!key)
+            goto out;
+
         strncpy(key, string, tam_key);
         key[tam_key] = '\0';
         value = strdup(strchr(string, '=') + 1);
+        if (!value)
+            goto out;
     }
     else
     {
@@ -1064,6 +1069,7 @@ KdGetOptions (InputOption **options, char *string)
     if (newopt)
         *options = newopt;
 
+out:
     free(key);
     free(value);
 
-- 
1.7.7



More information about the xorg-devel mailing list