[PATCH:xsetroot] Only use results from GetWindowProperty if it returned success

Alan Coopersmith alan.coopersmith at oracle.com
Sat Jan 3 14:30:49 PST 2015 

Since Xlib prior to 1.6 didn't always clear values on failure, don't
assume they're safe to use unless we succeeded.

Reported by Oracle Parfait 1.5.1:
Error: Uninitialised memory (CWE 456)
   Possible access to uninitialised memory '&after'
        at line 328 of xsetroot.c in function 'FixupState'.
          &after allocated at line 317.
   Possible access to uninitialised memory '&data'
        at line 330 of xsetroot.c in function 'FixupState'.
          &data allocated at line 318.
   Possible access to uninitialised memory '&format'
        at line 328 of xsetroot.c in function 'FixupState'.
          &format allocated at line 316.
   Possible access to uninitialised memory '&length'
        at line 328 of xsetroot.c in function 'FixupState'.
          &length allocated at line 317.
   Possible access to uninitialised memory '&type'
        at line 328 of xsetroot.c in function 'FixupState'.
          &type allocated at line 315.
        at line 331 of xsetroot.c in function 'FixupState'.
          &type allocated at line 315.

Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
 xsetroot.c |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/xsetroot.c b/xsetroot.c
index 56ce741..5f142e1 100644
--- a/xsetroot.c
+++ b/xsetroot.c
@@ -331,10 +331,13 @@ FixupState(void)
 	return;
     prop = XInternAtom(dpy, "_XSETROOT_ID", False);
     if (unsave_past) {    
-	(void)XGetWindowProperty(dpy, root, prop, 0L, 1L, True, AnyPropertyType,
-				 &type, &format, &length, &after, &data);
-	if ((type == XA_PIXMAP) && (format == 32) &&
-	    (length == 1) && (after == 0))
+	if (XGetWindowProperty(dpy, root, prop, 0L, 1L, True, AnyPropertyType,
+		       &type, &format, &length, &after, &data) != Success)
+	    fprintf(stderr,
+		    "%s: warning: cannot get _XSETROOT_ID property from root window\n",
+		    program_name);
+	else if ((type == XA_PIXMAP) && (format == 32) &&
+		 (length == 1) && (after == 0))
 	    XKillClient(dpy, *((Pixmap *)data));
 	else if (type != None)
 	    fprintf(stderr, "%s: warning: _XSETROOT_ID property is garbage\n",
-- 
1.7.9.2

More information about the xorg-devel mailing list