[PATCH libX11] Fix wrong Xfree in XListFonts failure path

Alan Coopersmith alan.coopersmith at oracle.com
Sat Jan 7 17:55:34 UTC 2017


Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>

Looks like this bug was introduced just after the 1.6.4 release and hasn't
made it out into a libX11 release yet - thanks for catching it in time.

	-alan-

On 01/ 7/17 07:20 AM, Julien Cristau wrote:
> 'ch' gets moved inside the allocated buffer as we're looping through
> fonts, so keep a reference to the start of the buffer so we can pass
> that to Xfree in the failure case.
>
> Fixes: commit 20a3f99eba5001925b8b313da3accb7900eb1927 "Plug a memory leak"
>
> Signed-off-by: Julien Cristau <jcristau at debian.org>
> ---
>  src/FontNames.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/src/FontNames.c b/src/FontNames.c
> index 3e23b5f4..9ffdfd29 100644
> --- a/src/FontNames.c
> +++ b/src/FontNames.c
> @@ -43,6 +43,7 @@ int *actualCount)	/* RETURN */
>      register int length;
>      char **flist = NULL;
>      char *ch = NULL;
> +    char *chstart;
>      char *chend;
>      int count = 0;
>      xListFontsReply rep;
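
Review bot: chstart is declared without an initializer in the first hunk, while flist and ch directly above it are both set to NULL. Writing it as char *chstart = NULL; keeps the declarations consistent and means an Xfree(chstart) reached before the assignment in the unpack block would free a null pointer rather than an indeterminate one.
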
> @@ -86,6 +87,7 @@ int *actualCount)	/* RETURN */
>  	/*
>  	 * unpack into null terminated strings.
>  	 */
> +	chstart = ch;
>  	chend = ch + (rlen + 1);
>  	length = *(unsigned char *)ch;
>  	*ch = 1; /* make sure it is non-zero for XFreeFontNames */
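
Review bot: the new chstart = ch; line has no comment explaining why a second pointer is kept, and the existing comment above it only describes the unpacking. A short remark that ch is advanced through the buffer by the loop while chstart stays at the start of the allocation for Xfree would keep a later cleanup from merging the two again.
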
> @@ -98,14 +100,14 @@ int *actualCount)	/* RETURN */
>  		    *ch = '\0';  /* and replace with null-termination */
>  		    count++;
>  		} else {
> -                    Xfree(ch);
> +                    Xfree(chstart);
>                      Xfree(flist);
>                      flist = NULL;
>                      count = 0;
>                      break;
>  		}
>  	    } else {
> -                Xfree(ch);
> +                Xfree(chstart);
>                  Xfree(flist);
>                  flist = NULL;
>                  count = 0;
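
Review bot: the two else branches in this hunk carry the same four cleanup statements (Xfree(chstart); Xfree(flist); flist = NULL; count = 0;), and the wrong pointer had to be corrected in both. Consider moving the cleanup to one place, such as a single failure label or a flag checked after the loop, so the buffer is freed from exactly one statement. The first branch ends with break; the end of the second branch is outside the hunk, so it is worth confirming that it also leaves the loop, because ch still points into the freed buffer at that point.
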
>


-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc