[PATCH] xserver: Avoid sending uninitialized padding data over the network
Peter Åstrand
astrand at cendio.se
Wed Feb 11 09:00:27 PST 2009
This patch is in spirit similar to the recent libXfont patch (commit
04ced93e997b185b5d9124cacc96fa39a77b2ab7 ), but for the xserver instead.
The patch is most likely not complete: I haven't exercised every
operation. With the patch, however, I can launch the xserver, xterm,
metacity plus Firefox, without a single Valgrind 3.4.0 warning.
Best regards,
---
Peter Åstrand ThinLinc Chief Developer
Cendio AB http://www.cendio.com
Wallenbergs gata 4
583 30 Linköping Phone: +46-13-21 46 00
-------------- next part --------------
From 298847be7f1af550b83c13baab07fa97b4a95f78 Mon Sep 17 00:00:00 2001
From: Peter Astrand <astrand at maggie.lkpg.cendio.se>
Date: Wed, 11 Feb 2009 17:51:25 +0100
Subject: [PATCH] Avoid sending uninitialized padding data over the network. Besides
cluttering Valgrind output, this might also be an information leak.
Signed-off-by: Peter Astrand <astrand at cendio.se>
---
Xext/bigreq.c | 1 +
Xext/shape.c | 2 ++
Xext/shm.c | 1 +
Xext/sync.c | 1 +
Xi/getvers.c | 1 +
Xi/listdev.c | 3 ++-
Xi/opendev.c | 1 +
dix/devices.c | 2 ++
dix/dispatch.c | 18 ++++++++++++++----
dix/dixfonts.c | 2 ++
dix/events.c | 10 ++++++++++
dix/extension.c | 2 ++
dix/main.c | 4 ++++
dix/property.c | 2 ++
dix/selection.c | 2 ++
dix/window.c | 10 ++++++++++
mi/miexpose.c | 3 ++-
randr/rrxinerama.c | 1 +
render/render.c | 3 ++-
xfixes/select.c | 1 +
xfixes/xfixes.c | 1 +
xkb/xkb.c | 5 ++++-
xkb/xkbEvents.c | 6 ++++++
xkb/xkbUtils.c | 1 +
24 files changed, 75 insertions(+), 8 deletions(-)
diff --git a/Xext/bigreq.c b/Xext/bigreq.c
index 8857df3..1cd238b 100644
--- a/Xext/bigreq.c
+++ b/Xext/bigreq.c
@@ -57,6 +57,7 @@ ProcBigReqDispatch (ClientPtr client)
xBigReqEnableReply rep;
int n;
+ memset(&rep, 0, sizeof(xBigReqEnableReply));
if (client->swapped) {
swaps(&stuff->length, n);
}
diff --git a/Xext/shape.c b/Xext/shape.c
index fbf8f8c..46d7494 100644
--- a/Xext/shape.c
+++ b/Xext/shape.c
@@ -255,6 +255,7 @@ ProcShapeQueryVersion (ClientPtr client)
xShapeQueryVersionReply rep;
int n;
+ memset(&rep, 0, sizeof(xShapeQueryVersionReply));
REQUEST_SIZE_MATCH (xShapeQueryVersionReq);
rep.type = X_Reply;
rep.length = 0;
@@ -678,6 +679,7 @@ ProcShapeQueryExtents (ClientPtr client)
int n, rc;
RegionPtr region;
+ memset(&rep, 0, sizeof(xShapeQueryExtentsReply));
REQUEST_SIZE_MATCH (xShapeQueryExtentsReq);
rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
if (rc != Success)
diff --git a/Xext/shm.c b/Xext/shm.c
index 7b63484..b94b878 100644
--- a/Xext/shm.c
+++ b/Xext/shm.c
@@ -308,6 +308,7 @@ ProcShmQueryVersion(ClientPtr client)
xShmQueryVersionReply rep;
int n;
+ memset(&rep, 0, sizeof(xShmQueryVersionReply));
REQUEST_SIZE_MATCH(xShmQueryVersionReq);
rep.type = X_Reply;
rep.length = 0;
diff --git a/Xext/sync.c b/Xext/sync.c
index 9236fab..7ce3ba6 100644
--- a/Xext/sync.c
+++ b/Xext/sync.c
@@ -1142,6 +1142,7 @@ ProcSyncInitialize(ClientPtr client)
xSyncInitializeReply rep;
int n;
+ memset(&rep, 0, sizeof(xSyncInitializeReply));
REQUEST_SIZE_MATCH(xSyncInitializeReq);
rep.type = X_Reply;
diff --git a/Xi/getvers.c b/Xi/getvers.c
index f8fd56e..9a9129d 100644
--- a/Xi/getvers.c
+++ b/Xi/getvers.c
@@ -97,6 +97,7 @@ ProcXGetExtensionVersion(ClientPtr client)
REQUEST(xGetExtensionVersionReq);
REQUEST_AT_LEAST_SIZE(xGetExtensionVersionReq);
+ memset(&rep, 0, sizeof(xGetExtensionVersionReply));
if (stuff->length != (sizeof(xGetExtensionVersionReq) +
stuff->nbytes + 3) >> 2)
return BadLength;
diff --git a/Xi/listdev.c b/Xi/listdev.c
index 9a5a189..48c1e05 100644
--- a/Xi/listdev.c
+++ b/Xi/listdev.c
@@ -338,6 +338,7 @@ ProcXListInputDevices(ClientPtr client)
REQUEST_SIZE_MATCH(xListInputDevicesReq);
+ memset(&rep, 0, sizeof(xListInputDevicesReply));
rep.repType = X_Reply;
rep.RepType = X_ListInputDevices;
rep.length = 0;
@@ -379,7 +380,7 @@ ProcXListInputDevices(ClientPtr client)
}
total_length = numdevs * sizeof(xDeviceInfo) + size + namesize;
- devbuf = (char *)xalloc(total_length);
+ devbuf = (char *)xcalloc(1, total_length);
classbuf = devbuf + (numdevs * sizeof(xDeviceInfo));
namebuf = classbuf + size;
savbuf = devbuf;
diff --git a/Xi/opendev.c b/Xi/opendev.c
index 41edb0f..3965a4d 100644
--- a/Xi/opendev.c
+++ b/Xi/opendev.c
@@ -101,6 +101,7 @@ ProcXOpenDevice(ClientPtr client)
REQUEST(xOpenDeviceReq);
REQUEST_SIZE_MATCH(xOpenDeviceReq);
+ memset(&rep, 0, sizeof(xOpenDeviceReply));
status = dixLookupDevice(&dev, stuff->deviceid, client, DixUseAccess);
diff --git a/dix/devices.c b/dix/devices.c
index 934e695..c80fb98 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -1461,6 +1461,7 @@ ProcGetModifierMapping(ClientPtr client)
KeyCode *modkeymap = NULL;
REQUEST_SIZE_MATCH(xReq);
+ memset(&rep, 0, sizeof(xGetModifierMappingReply));
ret = generate_modkeymap(client, PickKeyboard(client), &modkeymap,
&max_keys_per_mod);
if (ret != Success)
@@ -1601,6 +1602,7 @@ ProcGetKeyboardMapping(ClientPtr client)
REQUEST(xGetKeyboardMappingReq);
REQUEST_SIZE_MATCH(xGetKeyboardMappingReq);
+ memset(&rep, 0, sizeof(xGetKeyboardMappingReply));
rc = XaceHook(XACE_DEVICE_ACCESS, client, kbd, DixGetAttrAccess);
if (rc != Success)
return rc;
diff --git a/dix/dispatch.c b/dix/dispatch.c
index b06f4aa..a1c382a 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -548,6 +548,7 @@ ProcGetWindowAttributes(ClientPtr client)
xGetWindowAttributesReply wa;
int rc;
+ memset(&wa, 0, sizeof(xGetWindowAttributesReply));
REQUEST_SIZE_MATCH(xResourceReq);
rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
if (rc != Success)
@@ -813,6 +814,7 @@ ProcGetGeometry(ClientPtr client)
xGetGeometryReply rep;
int status;
+ memset(&rep, 0, sizeof(xGetGeometryReply));
if ((status = GetGeometry(client, &rep)) != Success)
return status;
@@ -830,6 +832,7 @@ ProcQueryTree(ClientPtr client)
Window *childIDs = (Window *)NULL;
REQUEST(xResourceReq);
+ memset(&reply, 0, sizeof(xQueryTreeReply));
REQUEST_SIZE_MATCH(xResourceReq);
rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess);
if (rc != Success)
@@ -887,6 +890,7 @@ ProcInternAtom(ClientPtr client)
if (atom != BAD_RESOURCE)
{
xInternAtomReply reply;
+ memset(&reply, 0, sizeof(xInternAtomReply));
reply.type = X_Reply;
reply.length = 0;
reply.sequenceNumber = client->sequence;
@@ -906,6 +910,7 @@ ProcGetAtomName(ClientPtr client)
int len;
REQUEST(xResourceReq);
+ memset(&reply, 0, sizeof(xGetAtomNameReply));
REQUEST_SIZE_MATCH(xResourceReq);
if ( (str = NameForAtom(stuff->id)) )
{
@@ -999,6 +1004,7 @@ ProcTranslateCoords(ClientPtr client)
xTranslateCoordsReply rep;
int rc;
+ memset(&rep, 0, sizeof(xTranslateCoordsReply));
REQUEST_SIZE_MATCH(xTranslateCoordsReq);
rc = dixLookupWindow(&pWin, stuff->srcWid, client, DixGetAttrAccess);
if (rc != Success)
@@ -1142,7 +1148,7 @@ ProcQueryFont(ClientPtr client)
rlength = sizeof(xQueryFontReply) +
FONTINFONPROPS(FONTCHARSET(pFont)) * sizeof(xFontProp) +
nprotoxcistructs * sizeof(xCharInfo);
- reply = xalloc(rlength);
+ reply = xcalloc(1, rlength);
if(!reply)
{
return(BadAlloc);
@@ -1910,6 +1916,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
xGetImageReply xgi;
RegionPtr pVisibleRegion = NULL;
+ memset(&xgi, 0, sizeof(xGetImageReply));
if ((format != XYPixmap) && (format != ZPixmap))
{
client->errorValue = format;
@@ -1970,7 +1977,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
xgi.length = length;
if (im_return) {
- pBuf = xalloc(sz_xGetImageReply + length);
+ pBuf = xcalloc(1, sz_xGetImageReply + length);
if (!pBuf)
return (BadAlloc);
if (widthBytesLine == 0)
@@ -2008,7 +2015,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
length += widthBytesLine;
}
}
- if(!(pBuf = xalloc(length)))
+ if(!(pBuf = xcalloc(1, length)))
return (BadAlloc);
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
}
@@ -2745,8 +2752,9 @@ ProcQueryColors(ClientPtr client)
xrgb *prgbs;
xQueryColorsReply qcr;
+ memset(&qcr, 0, sizeof(xQueryColorsReply));
count = ((client->req_len << 2) - sizeof(xQueryColorsReq)) >> 2;
- prgbs = xalloc(count * sizeof(xrgb));
+ prgbs = xcalloc(1, count * sizeof(xrgb));
if(!prgbs && count)
return(BadAlloc);
if( (rc = QueryColors(pcmp, count, (Pixel *)&stuff[1], prgbs)) )
@@ -2967,6 +2975,7 @@ ProcQueryBestSize (ClientPtr client)
REQUEST(xQueryBestSizeReq);
REQUEST_SIZE_MATCH(xQueryBestSizeReq);
+ memset(&reply, 0, sizeof(xQueryBestSizeReply));
if ((stuff->class != CursorShape) &&
(stuff->class != TileShape) &&
(stuff->class != StippleShape))
@@ -3700,6 +3709,7 @@ SendErrorToClient(ClientPtr client, unsigned majorCode, unsigned minorCode,
{
xError rep;
+ memset(&rep, 0, sizeof(xError));
rep.type = X_Error;
rep.sequenceNumber = client->sequence;
rep.errorCode = errorCode;
diff --git a/dix/dixfonts.c b/dix/dixfonts.c
index 9f596e8..9bdeebf 100644
--- a/dix/dixfonts.c
+++ b/dix/dixfonts.c
@@ -598,6 +598,7 @@ doListFontsAndAliases(ClientPtr client, LFclosurePtr c)
char *bufferStart;
int aliascount = 0;
+ memset(&reply, 0, sizeof(xListFontsReply));
if (client->clientGone)
{
if (c->current.current_fpe < c->num_fpes)
@@ -1048,6 +1049,7 @@ doListFontsWithInfo(ClientPtr client, LFWIclosurePtr c)
err = AllocError;
break;
}
+ memset(reply + c->length, 0, length - c->length);
c->reply = reply;
c->length = length;
}
diff --git a/dix/events.c b/dix/events.c
index 0db2d6a..21772ad 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -2229,6 +2229,7 @@ DeliverDeviceEvents(WindowPtr pWin, xEvent *xE, GrabPtr grab,
int mskidx = dev->id;
xEvent core;
+ memset(&core, 0, sizeof(xEvent));
if (XaceHook(XACE_SEND_ACCESS, NULL, dev, pWin, xE, count))
return 0;
@@ -3373,6 +3374,7 @@ DeliverFocusedEvent(DeviceIntPtr keybd, xEvent *xE, WindowPtr window, int count)
xEvent core;
int deliveries = 0;
+ memset(&core, 0, sizeof(xEvent));
if (focus == FollowKeyboardWin)
focus = inputInfo.keyboard->focus->win;
if (!focus)
@@ -3434,6 +3436,7 @@ DeliverGrabbedEvent(xEvent *xE, DeviceIntPtr thisDev,
SpritePtr pSprite = thisDev->spriteInfo->sprite;
BOOL sendCore = FALSE;
+ memset(&core, 0, sizeof(xEvent));
grabinfo = &thisDev->deviceGrab;
grab = grabinfo->grab;
@@ -3853,6 +3856,7 @@ CoreEnterLeaveEvent(
GrabPtr grab = mouse->deviceGrab.grab;
Mask mask;
+ memset(&event, 0, sizeof(xEvent));
keybd = GetPairedDevice(mouse);
if ((pWin == mouse->valuator->motionHintWindow) &&
@@ -3939,6 +3943,7 @@ DeviceEnterLeaveEvent(
DeviceIntPtr keybd = GetPairedDevice(mouse);
BOOL sameScreen;
+ memset(&event, 0, sizeof(xEvent));
if (grab) {
mask = (pWin == grab->window) ? grab->eventMask : 0;
if (grab->ownerEvents)
@@ -3990,6 +3995,7 @@ CoreFocusEvent(DeviceIntPtr dev, int type, int mode, int detail, WindowPtr pWin)
{
xEvent event;
+ memset(&event, 0, sizeof(xEvent));
event.u.focus.mode = mode;
event.u.u.type = type;
event.u.u.detail = detail;
@@ -4149,6 +4155,7 @@ ProcGetInputFocus(ClientPtr client)
/* REQUEST(xReq); */
REQUEST_SIZE_MATCH(xReq);
+ memset(&rep, 0, sizeof(xGetInputFocusReply));
rc = XaceHook(XACE_DEVICE_ACCESS, client, kbd, DixGetFocusAccess);
if (rc != Success)
return rc;
@@ -4185,6 +4192,7 @@ ProcGrabPointer(ClientPtr client)
Mask access_mode = DixGrabAccess;
int rc;
+ memset(&rep, 0, sizeof(xGrabPointerReply));
REQUEST_SIZE_MATCH(xGrabPointerReq);
UpdateCurrentTime();
if ((stuff->pointerMode != GrabModeSync) &&
@@ -4488,6 +4496,7 @@ ProcGrabKeyboard(ClientPtr client)
int result;
DeviceIntPtr keyboard = PickKeyboard(client);
+ memset(&rep, 0, sizeof(xGrabKeyboardReply));
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
result = GrabDevice(client, keyboard, stuff->keyboardMode,
@@ -4547,6 +4556,7 @@ ProcQueryPointer(ClientPtr client)
REQUEST(xResourceReq);
REQUEST_SIZE_MATCH(xResourceReq);
+ memset(&rep, 0, sizeof(xQueryPointerReply));
rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
if (rc != Success)
return rc;
diff --git a/dix/extension.c b/dix/extension.c
index 330fd28..6b92e56 100644
--- a/dix/extension.c
+++ b/dix/extension.c
@@ -268,6 +268,7 @@ ProcQueryExtension(ClientPtr client)
REQUEST_FIXED_SIZE(xQueryExtensionReq, stuff->nbytes);
+ memset(&reply, 0, sizeof(xQueryExtensionReply));
reply.type = X_Reply;
reply.length = 0;
reply.major_opcode = 0;
@@ -301,6 +302,7 @@ ProcListExtensions(ClientPtr client)
REQUEST_SIZE_MATCH(xReq);
+ memset(&reply, 0, sizeof(xListExtensionsReply));
reply.type = X_Reply;
reply.nExtensions = 0;
reply.length = 0;
diff --git a/dix/main.c b/dix/main.c
index 3c25e2e..ec236d8 100644
--- a/dix/main.c
+++ b/dix/main.c
@@ -491,6 +491,7 @@ CreateConnectionBlock(void)
char *pBuf;
+ memset(&setup, 0, sizeof(xConnSetup));
/* Leave off the ridBase and ridMask, these must be sent with
connection */
@@ -531,6 +532,7 @@ CreateConnectionBlock(void)
while (--i >= 0)
*pBuf++ = 0;
+ memset(&format, 0, sizeof(xPixmapFormat));
for (i=0; i<screenInfo.numPixmapFormats; i++)
{
format.depth = screenInfo.formats[i].depth;
@@ -542,6 +544,8 @@ CreateConnectionBlock(void)
}
connBlockScreenStart = sizesofar;
+ memset(&depth, 0, sizeof(xDepth));
+ memset(&visual, 0, sizeof(xVisualType));
for (i=0; i<screenInfo.numScreens; i++)
{
ScreenPtr pScreen;
diff --git a/dix/property.c b/dix/property.c
index 5bf4232..0fa6381 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -111,6 +111,7 @@ deliverPropertyNotifyEvent(WindowPtr pWin, int state, Atom atom)
{
xEvent event;
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = PropertyNotify;
event.u.property.window = pWin->drawable.id;
event.u.property.state = state;
@@ -453,6 +454,7 @@ ProcGetProperty(ClientPtr client)
Mask win_mode = DixGetPropAccess, prop_mode = DixReadAccess;
REQUEST(xGetPropertyReq);
+ memset(&reply, 0, sizeof(xGetPropertyReply));
REQUEST_SIZE_MATCH(xGetPropertyReq);
if (stuff->delete) {
UpdateCurrentTime();
diff --git a/dix/selection.c b/dix/selection.c
index 1fd0d21..89a715b 100644
--- a/dix/selection.c
+++ b/dix/selection.c
@@ -235,6 +235,7 @@ ProcGetSelectionOwner(ClientPtr client)
Selection *pSel;
xGetSelectionOwnerReply reply;
+ memset(&reply, 0, sizeof(xGetSelectionOwnerReply));
REQUEST(xResourceReq);
REQUEST_SIZE_MATCH(xResourceReq);
@@ -270,6 +271,7 @@ ProcConvertSelection(ClientPtr client)
REQUEST(xConvertSelectionReq);
REQUEST_SIZE_MATCH(xConvertSelectionReq);
+ memset(&event, 0, sizeof(xEvent));
rc = dixLookupWindow(&pWin, stuff->requestor, client, DixSetAttrAccess);
if (rc != Success)
diff --git a/dix/window.c b/dix/window.c
index d4c587e..198392f 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -573,6 +573,7 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w,
PixmapFormatRec *format;
WindowOptPtr ancwopt;
+ memset(&event, 0, sizeof(xEvent));
if (class == CopyFromParent)
class = pParent->drawable.class;
@@ -874,6 +875,7 @@ CrushTree(WindowPtr pWin)
UnrealizeWindowProcPtr UnrealizeWindow;
xEvent event;
+ memset(&event, 0, sizeof(xEvent));
if (!(pChild = pWin->firstChild))
return;
UnrealizeWindow = pWin->drawable.pScreen->UnrealizeWindow;
@@ -928,6 +930,7 @@ DeleteWindow(pointer value, XID wid)
WindowPtr pWin = (WindowPtr)value;
xEvent event;
+ memset(&event, 0, sizeof(xEvent));
UnmapWindow(pWin, FALSE);
CrushTree(pWin);
@@ -2146,6 +2149,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
int rc, action, smode = Above;
xEvent event;
+ memset(&event, 0, sizeof(xEvent));
if ((pWin->drawable.class == InputOnly) && (mask & IllegalInputOnlyConfigureMask))
return(BadMatch);
@@ -2278,6 +2282,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
if (size_change && ((pWin->eventMask|wOtherEventMasks(pWin)) & ResizeRedirectMask))
{
xEvent eventT;
+ memset(&eventT, 0, sizeof(xEvent));
eventT.u.u.type = ResizeRequest;
eventT.u.resizeRequest.window = pWin->drawable.id;
eventT.u.resizeRequest.width = w;
@@ -2471,6 +2476,7 @@ ReparentWindow(WindowPtr pWin, WindowPtr pParent,
int bw = wBorderWidth (pWin);
ScreenPtr pScreen;
+ memset(&event, 0, sizeof(xEvent));
pScreen = pWin->drawable.pScreen;
if (TraverseTree(pWin, CompareWIDs, (pointer)&pParent->drawable.id) == WT_STOPWALKING)
return(BadMatch);
@@ -2636,6 +2642,7 @@ MapWindow(WindowPtr pWin, ClientPtr client)
xEvent event;
Bool anyMarked;
+ memset(&event, 0, sizeof(xEvent));
if ((!pWin->overrideRedirect) &&
(RedirectSend(pParent)
))
@@ -2716,6 +2723,7 @@ MapSubwindows(WindowPtr pParent, ClientPtr client)
Bool anyMarked;
WindowPtr pLayerWin;
+ memset(&event, 0, sizeof(xEvent));
pScreen = pParent->drawable.pScreen;
parentRedirect = RedirectSend(pParent);
parentNotify = SubSend(pParent);
@@ -2846,6 +2854,7 @@ UnmapWindow(WindowPtr pWin, Bool fromConfigure)
ScreenPtr pScreen = pWin->drawable.pScreen;
WindowPtr pLayerWin = pWin;
+ memset(&event, 0, sizeof(xEvent));
if ((!pWin->mapped) || (!(pParent = pWin->parent)))
return(Success);
if (SubStrSend(pWin, pParent) && MapUnmapEventsEnabled(pWin))
@@ -3056,6 +3065,7 @@ SendVisibilityNotify(WindowPtr pWin)
#ifndef NO_XINERAMA_PORT
unsigned int visibility = pWin->visibility;
#endif
+ memset(&event, 0, sizeof(xEvent));
if (!MapUnmapEventsEnabled(pWin))
return;
#ifdef PANORAMIX
diff --git a/mi/miexpose.c b/mi/miexpose.c
index 082f906..5746a5f 100644
--- a/mi/miexpose.c
+++ b/mi/miexpose.c
@@ -381,6 +381,7 @@ miSendGraphicsExpose (ClientPtr client, RegionPtr pRgn, XID drawable,
else
{
xEvent event;
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = NoExpose;
event.u.noExposure.drawable = drawable;
event.u.noExposure.majorEvent = major;
@@ -401,7 +402,7 @@ miSendExposures( WindowPtr pWin, RegionPtr pRgn, int dx, int dy)
pBox = REGION_RECTS(pRgn);
numRects = REGION_NUM_RECTS(pRgn);
- if(!(pEvent = xalloc(numRects * sizeof(xEvent))))
+ if(!(pEvent = xcalloc(1, numRects * sizeof(xEvent))))
return;
for (i=numRects, pe = pEvent; --i >= 0; pe++, pBox++)
diff --git a/randr/rrxinerama.c b/randr/rrxinerama.c
index 36135c6..b5bb668 100644
--- a/randr/rrxinerama.c
+++ b/randr/rrxinerama.c
@@ -244,6 +244,7 @@ ProcRRXineramaIsActive(ClientPtr client)
{
xXineramaIsActiveReply rep;
+ memset(&rep, 0, sizeof(xXineramaIsActiveReply));
REQUEST_SIZE_MATCH(xXineramaIsActiveReq);
rep.type = X_Reply;
diff --git a/render/render.c b/render/render.c
index 658b170..c5b5030 100644
--- a/render/render.c
+++ b/render/render.c
@@ -262,6 +262,7 @@ ProcRenderQueryVersion (ClientPtr client)
register int n;
REQUEST(xRenderQueryVersionReq);
+ memset(&rep, 0, sizeof(xRenderQueryVersionReply));
pRenderClient->major_version = stuff->majorVersion;
pRenderClient->minor_version = stuff->minorVersion;
@@ -363,7 +364,7 @@ ProcRenderQueryPictFormats (ClientPtr client)
ndepth * sizeof (xPictDepth) +
nvisual * sizeof (xPictVisual) +
numSubpixel * sizeof (CARD32));
- reply = (xRenderQueryPictFormatsReply *) xalloc (rlength);
+ reply = (xRenderQueryPictFormatsReply *) xcalloc (1, rlength);
if (!reply)
return BadAlloc;
reply->type = X_Reply;
diff --git a/xfixes/select.c b/xfixes/select.c
index 12a165f..795b8bd 100644
--- a/xfixes/select.c
+++ b/xfixes/select.c
@@ -83,6 +83,7 @@ XFixesSelectionCallback (CallbackListPtr *callbacks, pointer data, pointer args)
{
xXFixesSelectionNotifyEvent ev;
+ memset(&ev, 0, sizeof(xXFixesSelectionNotifyEvent));
ev.type = XFixesEventBase + XFixesSelectionNotify;
ev.subtype = subtype;
ev.sequenceNumber = e->pClient->sequence;
diff --git a/xfixes/xfixes.c b/xfixes/xfixes.c
index d1225c6..b1f23ce 100644
--- a/xfixes/xfixes.c
+++ b/xfixes/xfixes.c
@@ -68,6 +68,7 @@ ProcXFixesQueryVersion(ClientPtr client)
register int n;
REQUEST(xXFixesQueryVersionReq);
+ memset(&rep, 0, sizeof(xXFixesQueryVersionReply));
REQUEST_SIZE_MATCH(xXFixesQueryVersionReq);
rep.type = X_Reply;
rep.length = 0;
diff --git a/xkb/xkb.c b/xkb/xkb.c
index 30d58bf..e674c54 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -159,6 +159,7 @@ ProcXkbUseExtension(ClientPtr client)
register int n;
int supported;
+ memset(&rep, 0, sizeof(xkbUseExtensionReply));
REQUEST_SIZE_MATCH(xkbUseExtensionReq);
if (stuff->wantedMajor != XkbMajorVersion) {
/* pre-release version 0.65 is compatible with 1.00 */
@@ -1363,7 +1364,7 @@ unsigned i,len;
char *desc,*start;
len= (rep->length*4)-(SIZEOF(xkbGetMapReply)-SIZEOF(xGenericReply));
- start= desc= (char *)xalloc(len);
+ start= desc= (char *)xcalloc(1, len);
if (!start)
return BadAlloc;
if ( rep->nTypes>0 )
@@ -3765,6 +3766,7 @@ ProcXkbGetNames(ClientPtr client)
REQUEST(xkbGetNamesReq);
REQUEST_SIZE_MATCH(xkbGetNamesReq);
+ memset(&rep, 0, sizeof(xkbGetNamesReply));
if (!(client->xkbClientFlags&_XkbClientInitialized))
return BadAccess;
@@ -5345,6 +5347,7 @@ ProcXkbPerClientFlags(ClientPtr client)
REQUEST(xkbPerClientFlagsReq);
REQUEST_SIZE_MATCH(xkbPerClientFlagsReq);
+ memset(&rep, 0, sizeof(xkbPerClientFlagsReply));
if (!(client->xkbClientFlags&_XkbClientInitialized))
return BadAccess;
diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c
index 6c2d32d..c042ac0 100644
--- a/xkb/xkbEvents.c
+++ b/xkb/xkbEvents.c
@@ -838,6 +838,7 @@ XkbSrvLedInfoPtr sli;
}
if (pChanges->map.changed) {
xkbMapNotify mn;
+ memset(&mn, 0, sizeof(xkbMapNotify));
mn.changed= pChanges->map.changed;
mn.firstType= pChanges->map.first_type;
mn.nTypes= pChanges->map.num_types;
@@ -859,6 +860,7 @@ XkbSrvLedInfoPtr sli;
if ((pChanges->ctrls.changed_ctrls)||
(pChanges->ctrls.enabled_ctrls_changes)) {
xkbControlsNotify cn;
+ memset(&cn, 0, sizeof(xkbControlsNotify));
cn.changedControls= pChanges->ctrls.changed_ctrls;
cn.enabledControlChanges= pChanges->ctrls.enabled_ctrls_changes;
cn.keycode= cause->kc;
@@ -869,6 +871,7 @@ XkbSrvLedInfoPtr sli;
}
if (pChanges->indicators.map_changes) {
xkbIndicatorNotify in;
+ memset(&in, 0, sizeof(xkbIndicatorNotify));
if (sli==NULL)
sli= XkbFindSrvLedInfo(kbd,XkbDfltXIClass,XkbDfltXIId,0);
in.state= sli->effectiveState;
@@ -877,6 +880,7 @@ XkbSrvLedInfoPtr sli;
}
if (pChanges->indicators.state_changes) {
xkbIndicatorNotify in;
+ memset(&in, 0, sizeof(xkbIndicatorNotify));
if (sli==NULL)
sli= XkbFindSrvLedInfo(kbd,XkbDfltXIClass,XkbDfltXIId,0);
in.state= sli->effectiveState;
@@ -885,6 +889,7 @@ XkbSrvLedInfoPtr sli;
}
if (pChanges->names.changed) {
xkbNamesNotify nn;
+ memset(&nn, 0, sizeof(xkbNamesNotify));
nn.changed= pChanges->names.changed;
nn.firstType= pChanges->names.first_type;
nn.nTypes= pChanges->names.num_types;
@@ -897,6 +902,7 @@ XkbSrvLedInfoPtr sli;
}
if ((pChanges->compat.changed_groups)||(pChanges->compat.num_si>0)) {
xkbCompatMapNotify cmn;
+ memset(&cmn, 0, sizeof(xkbCompatMapNotify));
cmn.changedGroups= pChanges->compat.changed_groups;
cmn.firstSI= pChanges->compat.first_si;
cmn.nSI= pChanges->compat.num_si;
diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c
index 98f9fc5..c2cf12b 100644
--- a/xkb/xkbUtils.c
+++ b/xkb/xkbUtils.c
@@ -2094,6 +2094,7 @@ XkbCopyDeviceKeymap(DeviceIntPtr dst, DeviceIntPtr src)
xkbNewKeyboardNotify nkn;
Bool ret;
+ memset(&nkn, 0, sizeof(xkbNewKeyboardNotify));
if (!dst->key || !src->key)
return FALSE;
--
1.5.2.2
More information about the xorg-devel
mailing list