[PATCH:libX11] Bug 93184: read_EncodingInfo invalid free
Alan Coopersmith
alan.coopersmith at oracle.com
Fri Dec 4 00:40:32 PST 2015
On 12/ 4/15 12:05 AM, walter harms wrote:
> Am 04.12.2015 08:30, schrieb Alan Coopersmith:
>> @@ -1895,7 +1895,8 @@ read_EncodingInfo(
>> len = strlen(buf);
>> font_data->name = Xmalloc(len + 1);
>> if (font_data->name == NULL) {
>> - Xfree(font_data);
>> + free_fontdataOM(ret, i + 1);
>> + Xfree(ret);
>> return NULL;
>> }
>> strncpy(font_data->name, buf,len);
>
>
> could you also replace strlen+malloc+strncopy with strdup() ?
Not in this case without rewriting the code paths more - the missing
context here is:
if ((bufptr = strchr(buf, ':'))) {
len = (int)(bufptr - buf);
bufptr++ ;
} else
len = strlen(buf);
font_data->name = Xmalloc(len + 1);
if (font_data->name == NULL) {
free_fontdataOM(ret, i + 1);
Xfree(ret);
return NULL;
}
strncpy(font_data->name, buf,len);
font_data->name[len] = 0;
Maybe could do something like
if (... strchr ...)
font_data->name = strndup
else
font_data->name = strdup
but that sounds like something to keep to a separate patch.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
More information about the xorg-devel
mailing list