Hello,
please see attached some issues that were highlighted by coccinelle.
Sent in individual patches for the different libraries. Vtorrified
except for elmdentica where nobody seems to care.
All bugs suffer from memory corruption.
* ecore_x - The type used for calloc is wrong (and smaller than the
actual type)
* eio - Problem using sizeof(type *) instead of sizeof(type) for allocation
* elmdentica - Same problem as with eio, but implemented less cunningly
Regards,
Daniel Willmann
From 5e3e3b16d1d32e3d5ed3d3383e5d51cb3a4d7abe Mon Sep 17 00:00:00 2001
From: Daniel Willmann <[email protected]>
Date: Wed, 3 Oct 2012 15:23:18 +0100
Subject: [PATCH 1/6] ecore: Fix allocation type in ecore_x xcb randr callback
function
Signed-off-by: Daniel Willmann <[email protected]>
---
trunk/ecore/ChangeLog | 3 +++
trunk/ecore/NEWS | 1 +
trunk/ecore/src/lib/ecore_x/xcb/ecore_xcb_events.c | 2 +-
3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/trunk/ecore/ChangeLog b/trunk/ecore/ChangeLog
index bc7a925..c4b16ca 100644
--- a/trunk/ecore/ChangeLog
+++ b/trunk/ecore/ChangeLog
@@ -974,3 +974,6 @@
2012-10-02 Daniel Willmann
* Fix memory allocation size in ecore_thread_feedback()
+
+2012-10-03 Daniel Wilmann
+ * Fix memory allocation size in ecore_x xcb randr function
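Review bot: The author name in the added ChangeLog entry is spelled "Daniel Wilmann", while the entry directly above it and the patch's From line use "Daniel Willmann". Correct the spelling so both entries are attributed to the same name.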
diff --git a/trunk/ecore/NEWS b/trunk/ecore/NEWS
index efd4455..95ae014 100644
--- a/trunk/ecore/NEWS
+++ b/trunk/ecore/NEWS
@@ -26,6 +26,7 @@ Fixes:
* ecore_x_image_is_argb32_get() returns correctly given endianness.
* ecore_imf ibus module potential segv fixed.
* ecore_thread_feedback() memory allocation and corruption fixed.
+ * Fix memory allocation size in ecore_x xcb randr function.
Improvements:
diff --git a/trunk/ecore/src/lib/ecore_x/xcb/ecore_xcb_events.c b/trunk/ecore/src/lib/ecore_x/xcb/ecore_xcb_events.c
index 5722b46..9ccd52c 100644
--- a/trunk/ecore/src/lib/ecore_x/xcb/ecore_xcb_events.c
+++ b/trunk/ecore/src/lib/ecore_x/xcb/ecore_xcb_events.c
@@ -1939,7 +1939,7 @@ _ecore_xcb_event_handle_randr_output_change(xcb_generic_event_t *event)
#ifdef ECORE_XCB_RANDR
ev = (xcb_randr_notify_event_t *)event;
- if (!(e = calloc(1, sizeof(Ecore_X_Event_Randr_Crtc_Change))))
+ if (!(e = calloc(1, sizeof(Ecore_X_Event_Randr_Output_Change))))
return;
e->win = ev->u.oc.window;
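Review bot: The corrected calloc line still ties the allocation size to a hand-written type name, which is how the Crtc_Change/Output_Change mix-up got in. Consider `calloc(1, sizeof(*e))` so the size always follows whatever type `e` is declared with and cannot drift from it after a copy-and-paste.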
--
1.7.9.5
From ea9fa5f2212f674956838bfd050f8deed707adcb Mon Sep 17 00:00:00 2001
From: Daniel Willmann <[email protected]>
Date: Wed, 3 Oct 2012 16:26:30 +0100
Subject: [PATCH 2/6] eio: Fix possible memory corruption in
eio_eet_data_read_cipher()
We don't just want to allocate space for a pointer to the struct.
Signed-off-by: Daniel Willmann <[email protected]>
---
trunk/eio/AUTHORS | 1 +
trunk/eio/ChangeLog | 4 ++++
trunk/eio/NEWS | 1 +
trunk/eio/src/lib/eio_eet.c | 2 +-
4 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/trunk/eio/AUTHORS b/trunk/eio/AUTHORS
index 27d6bd6..27aeadc 100644
--- a/trunk/eio/AUTHORS
+++ b/trunk/eio/AUTHORS
@@ -5,3 +5,4 @@ Vincent "caro" Torri <vtorri at univ-evry dot fr>
Mikael SANS <[email protected]>
Mike Blumenkrantz (zmike/discomfitor) <[email protected]>
J챕r척me Pinot <[email protected]>
+Daniel Willmann <[email protected]>
diff --git a/trunk/eio/ChangeLog b/trunk/eio/ChangeLog
index 2b8065c..bc42978 100644
--- a/trunk/eio/ChangeLog
+++ b/trunk/eio/ChangeLog
@@ -51,3 +51,7 @@
2012-09-27 Cedric Bail
* Don't stop on limited access right.
+
+2012-10-03 Daniel Willmann
+ * Fix memory corruption by allocating enough memory in
+ eio_eet_data_read_cipher().
diff --git a/trunk/eio/NEWS b/trunk/eio/NEWS
index a841aae..1fddc65 100644
--- a/trunk/eio/NEWS
+++ b/trunk/eio/NEWS
@@ -9,6 +9,7 @@ Fixes:
- fix monitor shutdown when mainloop did never run.
- fix build with xattr and without splice.
- don't stop on limited access right.
+ - Fix memory corruption by allocating enough memory in eio_eet_data_read_cipher().
Improvements:
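Review bot: The added NEWS entry starts with a capital "Fix" and ends with a period, while the three entries above it in the same list are lowercase and two of them carry no trailing period. Match the surrounding style, for example `- fix memory corruption by allocating enough memory in eio_eet_data_read_cipher().`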
diff --git a/trunk/eio/src/lib/eio_eet.c b/trunk/eio/src/lib/eio_eet.c
index 36cf114..049c1e3 100644
--- a/trunk/eio/src/lib/eio_eet.c
+++ b/trunk/eio/src/lib/eio_eet.c
@@ -458,7 +458,7 @@ eio_eet_data_read_cipher(Eet_File *ef,
EINA_SAFETY_ON_NULL_RETURN_VAL(done_cb, NULL);
EINA_SAFETY_ON_NULL_RETURN_VAL(error_cb, NULL);
- er = malloc(sizeof (er));
+ er = malloc(sizeof (Eio_Eet_Read));
EINA_SAFETY_ON_NULL_RETURN_VAL(er, NULL);
er->ef = ef;
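Review bot: The new `malloc(sizeof (Eio_Eet_Read))` repeats the type name by hand where the original bug was a missing dereference in `sizeof (er)`. Writing `er = malloc(sizeof (*er));` fixes the same problem and keeps the size bound to the variable, so a later change to the type of `er` cannot reintroduce an undersized allocation.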
--
1.7.9.5
From d84af95cd9f24f9311c35e0f8f99eb8446cbe40a Mon Sep 17 00:00:00 2001
From: Daniel Willmann <[email protected]>
Date: Wed, 3 Oct 2012 16:30:36 +0100
Subject: [PATCH 3/6] elmdentica: Don't just allocate space for a pointer
sizeof(type) vs. sizeof(type*)
Signed-off-by: Daniel Willmann <[email protected]>
---
trunk/elmdentica/src/elmdentica.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/trunk/elmdentica/src/elmdentica.c b/trunk/elmdentica/src/elmdentica.c
index 191cacc..923ff47 100644
--- a/trunk/elmdentica/src/elmdentica.c
+++ b/trunk/elmdentica/src/elmdentica.c
@@ -653,7 +653,7 @@ static void on_handle_user(void *data, Evas_Object *obj, void *event_info) {
if(network_busy || !settings->online) return;
- ud = calloc(1,sizeof(userData*));
+ ud = calloc(1,sizeof(userData));
ud->screen_name=elm_object_item_text_get(li);
ud->as = (aStatus*)data;
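Review bot: The result of `calloc` is dereferenced on the very next line (`ud->screen_name=...`) with no NULL check, so an allocation failure becomes a NULL pointer write. Add `if (!ud) return;` after the allocation, and consider `calloc(1, sizeof(*ud))` so the size follows the variable rather than a typed-out name.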
--
1.7.9.5