[PATCH:libXdmcp 1/2] Ensure ARRAY* structs are zero'ed out when allocation fails

[Alan Coopersmith]

In the past some callers forgot to either initialize themselves or to
check the return values, so could try to read or write to uninitialized
pointers - we set the pointer to NULL & the size to 0 to avoid that.

Reported-by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
 Array.c |   28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/Array.c b/Array.c
index 8862773..4f0561f 100644
--- a/Array.c
+++ b/Array.c
@@ -62,8 +62,11 @@ XdmcpAllocARRAY8 (ARRAY8Ptr array, int length)
 	return FALSE;
 
     newData = (CARD8Ptr) xmalloc(length * sizeof (CARD8));
-    if (!newData)
+    if (!newData) {
+	array->length = 0;
+	array->data = NULL;
 	return FALSE;
+    }
     array->length = (CARD16) length;
     array->data = newData;
     return TRUE;
@@ -79,8 +82,11 @@ XdmcpAllocARRAY16 (ARRAY16Ptr array, int length)
 	return FALSE;
 
     newData = (CARD16Ptr) xmalloc(length * sizeof (CARD16));
-    if (!newData)
+    if (!newData) {
+	array->length = 0;
+	array->data = NULL;
 	return FALSE;
+    }
     array->length = (CARD8) length;
     array->data = newData;
     return TRUE;
@@ -96,8 +102,11 @@ XdmcpAllocARRAY32 (ARRAY32Ptr array, int length)
 	return FALSE;
 
     newData = (CARD32Ptr) xmalloc(length * sizeof (CARD32));
-    if (!newData)
+    if (!newData) {
+	array->length = 0;
+	array->data = NULL;
 	return FALSE;
+    }
     array->length = (CARD8) length;
     array->data = newData;
     return TRUE;
@@ -113,8 +122,11 @@ XdmcpAllocARRAYofARRAY8 (ARRAYofARRAY8Ptr array, int length)
 	return FALSE;
 
     newData = (ARRAY8Ptr) xmalloc(length * sizeof (ARRAY8));
-    if (!newData)
+    if (!newData) {
+	array->length = 0;
+	array->data = NULL;
 	return FALSE;
+    }
     array->length = (CARD8) length;
     array->data = newData;
     return TRUE;
@@ -133,10 +145,12 @@ XdmcpARRAY8Equal (const ARRAY8Ptr array1, const ARRAY8Ptr array2)
 int
 XdmcpCopyARRAY8 (const ARRAY8Ptr src, ARRAY8Ptr dst)
 {
-    dst->length = src->length;
-    dst->data = (CARD8 *) xmalloc(dst->length * sizeof (CARD8));
-    if (!dst->data)
+    dst->data = (CARD8 *) xmalloc(src->length * sizeof (CARD8));
+    if (!dst->data) {
+	dst->length = 0;
 	return FALSE;
+    }
+    dst->length = src->length;
     memmove (dst->data, src->data, src->length * sizeof (CARD8));
     return TRUE;
 }
-- 
1.7.9.2