[PATCH:libXdmcp 1/2] Ensure ARRAY* structs are zero'ed out when allocation fails
Alan Coopersmith
alan.coopersmith at oracle.com
Sat May 4 19:20:41 PDT 2013
In the past some callers forgot to either initialize themselves or to
check the return values, so could try to read or write to uninitialized
pointers - we set the pointer to NULL & the size to 0 to avoid that.
Reported-by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
Array.c | 28 +++++++++++++++++++++-------
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/Array.c b/Array.c
index 8862773..4f0561f 100644
--- a/Array.c
+++ b/Array.c
@@ -62,8 +62,11 @@ XdmcpAllocARRAY8 (ARRAY8Ptr array, int length)
return FALSE;
newData = (CARD8Ptr) xmalloc(length * sizeof (CARD8));
- if (!newData)
+ if (!newData) {
+ array->length = 0;
+ array->data = NULL;
return FALSE;
+ }
array->length = (CARD16) length;
array->data = newData;
return TRUE;
@@ -79,8 +82,11 @@ XdmcpAllocARRAY16 (ARRAY16Ptr array, int length)
return FALSE;
newData = (CARD16Ptr) xmalloc(length * sizeof (CARD16));
- if (!newData)
+ if (!newData) {
+ array->length = 0;
+ array->data = NULL;
return FALSE;
+ }
array->length = (CARD8) length;
array->data = newData;
return TRUE;
@@ -96,8 +102,11 @@ XdmcpAllocARRAY32 (ARRAY32Ptr array, int length)
return FALSE;
newData = (CARD32Ptr) xmalloc(length * sizeof (CARD32));
- if (!newData)
+ if (!newData) {
+ array->length = 0;
+ array->data = NULL;
return FALSE;
+ }
array->length = (CARD8) length;
array->data = newData;
return TRUE;
@@ -113,8 +122,11 @@ XdmcpAllocARRAYofARRAY8 (ARRAYofARRAY8Ptr array, int length)
return FALSE;
newData = (ARRAY8Ptr) xmalloc(length * sizeof (ARRAY8));
- if (!newData)
+ if (!newData) {
+ array->length = 0;
+ array->data = NULL;
return FALSE;
+ }
array->length = (CARD8) length;
array->data = newData;
return TRUE;
@@ -133,10 +145,12 @@ XdmcpARRAY8Equal (const ARRAY8Ptr array1, const ARRAY8Ptr array2)
int
XdmcpCopyARRAY8 (const ARRAY8Ptr src, ARRAY8Ptr dst)
{
- dst->length = src->length;
- dst->data = (CARD8 *) xmalloc(dst->length * sizeof (CARD8));
- if (!dst->data)
+ dst->data = (CARD8 *) xmalloc(src->length * sizeof (CARD8));
+ if (!dst->data) {
+ dst->length = 0;
return FALSE;
+ }
+ dst->length = src->length;
memmove (dst->data, src->data, src->length * sizeof (CARD8));
return TRUE;
}
--
1.7.9.2
More information about the xorg-devel
mailing list