[PATCH] [xorg/xserver] os/connection: Prevent WaitForSomething from busylooping

-9 the process and witness X entering a neverending loop. Cnee's connection issues RecordEnableContext, which makes the connection ignored. Signed-off-by: Erkki Seppälä Reviewed-by: Rami Ylimäki --- os/connection.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/

[RFC] [PATCH v3] damage: use DamageReportDamage for the initial borderClip damage report

when a new damage object is created. As this patch makes DamageReportDamage a public interface, the function has been moved into the part of the file that contains all the other public functions. The function has not been otherwise modified. Signed-off-by: Erkki Seppälä --- damageext

[PATCH] damage: use DamageInitialReport for the initial borderClip damage report

ers a full window update when a new damage object is created. Signed-off-by: Erkki Seppälä --- damageext/damageext.c |2 +- miext/damage/damage.c | 12 miext/damage/damage.h |5 + 3 files changed, 18 insertions(+), 1 deletions(-) diff --git a/damageext/damageext.c b

[PATCH v2 0/2] [libXau] XauGetFileName: added a thread-safe variant of XauFileName

lobber the previous return values), by supporting the getenv_r function, if it is available. XauGetFileName is still easy to use in the basic situation, but it works in fixed size buffer situations as well. Erkki Seppälä (2): XauGetFileName: added a thread-safe variant of XauFileName XauGet*AuthB

[PATCH v2 1/2] [libXau] XauGetFileName: added a thread-safe variant of XauFileName

fe according to its documentation. Signed-off-by: Erkki Seppälä Reviewed-by: Rami Ylimäki --- AuFileName.c| 163 ++- configure.ac|5 ++ include/X11/Xauth.h | 38 man/Xau.man | 57 +- 4 fil

[PATCH v2 2/2] [libXau] XauGet*AuthByAddr: use XauGetFileName instead of XauFileName

XauGetFileName is a thread-safe variant of XauFileName. Signed-off-by: Erkki Seppälä Reviewed-by: Rami Ylimäki --- AuGetAddr.c | 12 +++- AuGetBest.c | 12 +++- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/AuGetAddr.c b/AuGetAddr.c index 897d8b5..5d6c8fb

[PATCH v2] [xorg/xserver] os/client: Prevent rare fd leak in DetermineClientPid

DetermineClientPid didn't close file descriptor if read on /proc/pid/cmdline failed. Adjusted the code to disregard the close return value and perform the return after that, if the read failed or returned EOF. Signed-off-by: Mark Kettenis Signed-off-by: Erkki Seppälä Reviewed-by: Rami Yl

[PATCH] [xorg/xserver] os/client: Prevent rare fd leak in DetermineClientPid

DetermineClientPid didn't close file descriptor if read on /proc/pid/cmdline failed. Added close to that path of code. Signed-off-by: Erkki Seppälä Reviewed-by: Rami Ylimäki --- os/client.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/os/client.c b/os/cli

[RFC] [PATCH] [xorg/xserver] damage: use DamageExtReport for the initial borderClip damage report

age object is created. Signed-off-by: Erkki Seppälä --- damageext/damageext.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/damageext/damageext.c b/damageext/damageext.c index cfef069..7a0a779 100644 --- a/damageext/damageext.c +++ b/damageext/damageext.c @@ -22

[PATCH] [xorg/xserver] config: handle device change event properly

ition. Signed-off-by: Erkki Seppälä Signed-off-by: Stefan Kost --- Stefan, please ask a proper Reported-by tag for the bug from the original reporter. config/udev.c |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/config/udev.c b/config/udev.c index a2f5710..c120747 1

[PATCH v2] [xorg/xserver] mi/misprite: use memory management provided by dixRegisterPrivateKey

miDCDeviceInitialize succeeds. The record itself is zeroed on cleanup to ensure that the assumptions in the code still hold. Reviewed-by: Rami Ylimäki Signed-off-by: Erkki Seppälä --- mi/misprite.c | 41 +++-- 1 files changed, 19 insertions(+), 22 deletions(-) diff

[PATCH] [xorg/xserver] mi/misprite: release private record

The record allocated by miSpriteDeviceCursorInitialize was not being released. This patch adds a call to free and resetting the private record to miSpriteDeviceCursorCleanup. Reviewed-by: Rami Ylimäki Signed-off-by: Erkki Seppälä --- mi/misprite.c |3 +++ 1 files changed, 3 insertions

[PATCH] xfree86/modes: Fixed memory leak in xf86InitialConfiguration

releasing sequences with one that is gotoed into. Reviewed-by: Rami Ylimäki Signed-off-by: Erkki Seppälä --- hw/xfree86/modes/xf86Crtc.c | 21 - 1 files changed, 8 insertions(+), 13 deletions(-) diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c index 9a5e50

[PATCH] xfree86/common: Removed a configScreen leak when conf_screen is NULL

: Erkki Seppälä --- hw/xfree86/common/xf86Config.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/hw/xfree86/common/xf86Config.c b/hw/xfree86/common/xf86Config.c index 28786ba..906d4bd 100644 --- a/hw/xfree86/common/xf86Config.c +++ b/hw/xfree86/common/xf86Config.c

[PATCH] [xserver] record: avoid crash when calling RecordFlushReplyBuffer recursively

t might affect existing behavior, which may be relied upon. Reviewed-by: Rami Ylimäki Signed-off-by: Erkki Seppälä --- record/record.c |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/record/record.c b/record/record.c index 6a93d7a..bea3046 100644 --- a/record/record.

[PATCH 2/2] [libX11] xcms/cmsProp: don't deal with uninitialized values, fail instead

fragment would not have been reached. This patch alters the function to return XcmsFailure if the call to XGetWindowProperty fails. Reviewed-by: Ander Conselvan de Oliveira Reviewed-by: Rami Ylimäki Signed-off-by: Erkki Seppälä --- src/xcms/cmsProp.c | 17 ++--- 1 files changed

[PATCH 1/2] [libX11] xcms/LRGB: don't double-free property_return

to "free" Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira --- src/xcms/LRGB.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/src/xcms/LRGB.c b/src/xcms/LRGB.c index 750c492..2dca82e 100644 --- a/src/xcms/LRGB.c +++ b/sr

[PATCH 0/2] Last two libx11 static analysis fixes

eturn Erkki Seppälä (1): xcms/cmsProp: don't deal with uninitialized values, fail instead src/xcms/LRGB.c|1 - src/xcms/cmsProp.c | 24 +--- 2 files changed, 13 insertions(+), 12 deletions(-) ___ xorg-devel@lists.x.

[PATCH v2 07/25] [libx11] Fixed memory leak by adding Xfree and initializing missing_list with NULL

Variable "missing_list" goes out of scope Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRmAttr.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/modules/im/ximcp/imRmAttr.c b/modules/im/ximcp/imRmAttr.c ind

[PATCH v2 19/25] [libx11] Properly handle the return value of XGetWindowProperty by considering if after the loop as well.

-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xcms/cmsProp.c | 11 ++- 1 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/xcms/cmsProp.c b/src/xcms/cmsProp.c index 856ae84..9294cc7 100644 --- a/src/xcms/cmsProp.c +++

[PATCH v2 23/25] [libx11] Fixed by negative value to memcpy by checking for the negative return value of _Xlcwctomb and returning 0/XLookupNone in that case.

pBoth. Each of these has a specific meaning attached. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imLcLkup.c |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/modules/im/ximcp/imLcLkup.c b/modules/im/ximcp/imLcLkup.c index 80

[PATCH v2 24/25] [libx11] Removed superfluous check for NULL target_dir; it is already handled before this code.

Cannot reach dead expression "0U" inside statement "if (1U + (target_dir ? strl..." Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/lcFile.c |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/src/xlibi18n/lcF

[PATCH v2 25/25] [libx11] Removed superfluous check for NULL target_dir; it is already handled before this code.

Cannot reach dead expression "0U" inside statement "if (1U + (target_dir ? strl..." Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/lcFile.c |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/src/xlibi18n/lcF

[PATCH v2 12/25] [libx11] Instead of copying the value returned by get_prop_name and then releasing it, directly use the return value of get_prop_name, which allocates memory for the name.

Variable "prop_name" not freed or pointed-to in function "strlen" Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/XDefaultOMIF.c |4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) diff --git a/src/xlibi18n/XDefaultO

[PATCH v2 16/25] [libx11] property_return was not free'd if the allocation of pRedTbl failed.

From: Ander Conselvan de Oliveira xcms/LRGB: Fix potential resource leak. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xcms/LRGB.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/xcms/LRGB.c b/src

[PATCH v2 17/25] [libx11] The rest of the code uses goto's to free memory allocated later and prevent memory leaks, but there were several paths were property_return was free'd just before a goto.

From: Ander Conselvan de Oliveira xcms/LRGB: Add a label for freeing property_return. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xcms/LRGB.c | 26 ++ 1 files changed, 10 insertions(+), 16 deletions

[PATCH v2 22/25] [libx11] Checked return value of XGetWindowProperty and return false if it fails.

Return value of "XGetWindowProperty(im->core.display, spec->lib_connect_wid, prop, 0L, (length + bytes_after_ret + 3UL) / 4UL, 1, 0UL, &type_ret, &format_ret, &nitems, &bytes_after_ret, &prop_ret)" is not checked Signed-off-by: Erkki Seppälä

[PATCH v2 20/25] [libx11] info_list->watch_data was being reallocated, but the return value of the reallocation was stored only into a local variable. This might cause some funky behavior and crashes.

From: Ander Conselvan de Oliveira Variable "wd_array" goes out of scope Value "wd_array" is overwritten in "wd_array = (XPointer*)realloc((char*)info_list->watch_data, (((dpy->watcher_count + 1) * 4U == 0U) ? 1U : ((dpy->watcher_count + 1) * 4U)))" Re

[PATCH v2 04/25] [libx11] Zero-initialized new

Using uninitialized value "new" Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/lcGeneric.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/xlibi18n/lcGeneric.c b/src/xlibi18n/lcGeneric.c index 69ea97d..688a4cf 10

[PATCH v2 18/25] [libx11] Initialize local variable

Using uninitialized value "error.resourceID" in call to function "_XError" Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/GetProp.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a

[PATCH v2 10/25] [libx11] Fixed memory leak by adding Xfree

Variable "colormap_ret" goes out of scope Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRm.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/modules/im/ximcp/imRm.c b/modules/im/ximcp/imRm.c index fa86979..3d09

[PATCH v2 21/25] [libx11] Fixed by zero'ing conv on allocation. Then close_converter works properly.

From: Ander Conselvan de Oliveira Using uninitialized value "conv->state" in call to function "close_converter" Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/lc/def/lcDefConv.c |2 +- modules/lc

[PATCH v2 05/25] [libx11] Fixed by using strncpy and explicitly terminating the buffer

Possible overrun of 8192 byte fixed size buffer "buffer" by copying "ext->name" without length checking Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/XlibInt.c |7 --- 1 files changed, 4 insertions(+), 3 deletions(-) diff --gi

[PATCH v2 06/25] [libx11] Fixed memory leak by adding Xfree

Variable "colormap_ret" goes out of scope Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRmAttr.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/modules/im/ximcp/imRmAttr.c b/modules/im/ximcp/imRmAttr.c ind

[PATCH v2 11/25] [libx11] Fixed memory leak by adding Xfree

Variable "image" goes out of scope Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/ImUtil.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/ImUtil.c b/src/ImUtil.c index cd418d8..3164d43 100644 --- a/src/ImUtil.c +++ b/sr

[PATCH v2 08/25] [libx11] Fixed memory leak by adding Xfree

Variable "colormap_ret" goes out of scope Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRmAttr.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/modules/im/ximcp/imRmAttr.c b/modules/im/ximcp/imRmAttr.c index ae053c9..5035df5 100644 --- a/module

[PATCH v2 15/25] [libx11] property_return was free'd before and in the case the conditional is true, the call to XcmsGetProperty failed which means that property_return wasn't set so there is no need

From: Ander Conselvan de Oliveira Double free of pointer "property_return" in call to "free" Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xcms/LRGB.c |1 - 1 files changed, 0 insertions(+), 1 deletions(

[PATCH v2 09/25] [libx11] Fixed memory leak by adding Xfree

Variable "colormap_ret" goes out of scope Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRm.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/modules/im/ximcp/imRm.c b/modules/im/ximcp/imRm.c index 2e2c31f..fa86

[PATCH v2 14/25] [libx11] Fixed the handling of the extremely unlikely situation of fstat failing

Tracked variable "size" was passed to a negative sink. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/Xrm.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/src/Xrm.c b/src/Xrm.c index 3e68c37..fbc8ad2 100644 --- a/src/Xrm.c

[PATCH v2 01/25] [libx11] Fixed a missing call to XFreeFont

Variable "fs" not freed or pointed-to in function "get_prop_name" Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/XDefaultOMIF.c |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/src/xlibi18n/XDefaultO

[PATCH v2 13/25] [libx11] The NEWTABLE macro missed freeing its allocated memory on subsequent memory allocation errors. Added call to Xfree.

Variable "table" goes out of scope Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/Xrm.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/src/Xrm.c b/src/Xrm.c index 21f0af3..3e68c37 100644 --- a/src/Xrm.c +++ b/src/Xrm.c

[PATCH v2 02/25] [libx11] Removed unused assignment

Pointer "pBuf" returned from "fgets(buf, 256, stream)" is never used Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xcms/cmsColNm.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/xcms/cmsColNm.c b/src/xcms/cmsC

[PATCH v2 03/25] [libx11] Removed unused assignment

Pointer "pBuf" returned from "fgets(buf, 256, stream)" is never used Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xcms/cmsColNm.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/xcms/cmsColNm.c b/src/xcms/cmsC

[PATCH v2 00/25] Various fixes based on static analysis - remaining patches

loc Fixed by zero'ing conv on allocation. Then close_converter works properly. Erkki Seppälä (19): Fixed a missing call to XFreeFont Removed unused assignment Removed unused assignment Zero-initialized new Fixed by using strncpy and explicitly terminating the bu

[PATCH 19/25] [libx11] Using freed pointer "prop_ret"

== 0 || nitems_ret == 0) ends up returning XcmsFailure, the freed value of prop_ret from the previous call to XGWP will be returned. This patches changes the funcion to behavior to return XcmsFailure if the call do XGetWindowProperty fails. Reviewed-by: Erkki Seppälä Signed-off-by: Ander

[PATCH 18/25] [libx11] Using uninitialized value "error.resourceID" in call to function "_XError"

Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/GetProp.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/GetProp.c b/src/GetProp.c index a80c19c..5d6e0b8 100644 --- a/src/GetProp.c +++ b/src/GetProp.c

[PATCH 25/25] [libx11] Cannot reach dead expression "0U" inside statement "if (1U + (target_dir ? strl..."

Removed superfluous check for NULL target_dir; it is already handled before this code. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/lcFile.c |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/src/xlibi18n/lcFile.c b/src/xlibi18n

[PATCH 15/25] [libx11] Double free of pointer "property_return" in call to "free"

From: Ander Conselvan de Oliveira property_return was free'd before and in the case the conditional is true, the call to XcmsGetProperty failed which means that property_return wasn't set so there is no need to free it again. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Co

[PATCH 14/25] [libx11] Tracked variable "size" was passed to a negative sink.

Fixed the handling of the extremely unlikely situation of fstat failing Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/Xrm.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/src/Xrm.c b/src/Xrm.c index 3e68c37..fbc8ad2 100644 --- a

[PATCH 16/25] [libx11] xcms/LRGB: Fix potential resource leak.

From: Ander Conselvan de Oliveira property_return was not free'd if the allocation of pRedTbl failed. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xcms/LRGB.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-)

[PATCH 17/25] [libx11] xcms/LRGB: Add a label for freeing property_return.

From: Ander Conselvan de Oliveira The rest of the code uses goto's to free memory allocated later and prevent memory leaks, but there were several paths were property_return was free'd just before a goto. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira Sig

[PATCH 13/25] [libx11] Variable "table" goes out of scope

The NEWTABLE macro missed freeing its allocated memory on subsequent memory allocation errors. Added call to Xfree. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/Xrm.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/src/Xrm.c b/src

[PATCH 04/25] [libx11] Using uninitialized value "new"

Zero-initialized new Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/lcGeneric.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/xlibi18n/lcGeneric.c b/src/xlibi18n/lcGeneric.c index 69ea97d..688a4cf 100644 --- a/src/xlibi18n

[PATCH 21/25] [libx11] Using uninitialized value "conv->state" in call to function "close_converter"

From: Ander Conselvan de Oliveira Fixed by zero'ing conv on allocation. Then close_converter works properly. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/lc/def/lcDefConv.c |2 +- modules/lc/gen/lcGenConv.c |2

[PATCH 10/25] [libx11] Variable "colormap_ret" goes out of scope

Fixed memory leak by adding Xfree Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRm.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/modules/im/ximcp/imRm.c b/modules/im/ximcp/imRm.c index fa86979..3d09b81 100644 --- a

[PATCH 09/25] [libx11] Variable "colormap_ret" goes out of scope

Fixed memory leak by adding Xfree Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRm.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/modules/im/ximcp/imRm.c b/modules/im/ximcp/imRm.c index 2e2c31f..fa86979 100644 --- a

[PATCH 20/25] [libx11] Variable "wd_array" goes out of scope Value "wd_array" is overwritten in "wd_array = (XPointer*)realloc((char*)info_list->watch_data, (((dpy->watcher_count + 1) * 4U == 0U) ? 1U

From: Ander Conselvan de Oliveira info_list->watch_data was being reallocated, but the return value of the reallocation was stored only into a local variable. This might cause some funky behavior and crashes. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira Signed-

[PATCH 23/25] [libx11] a negative value was passed to memcpy

s are XBufferOverflow, XLookupNone, XLookupChars, XLookupKeySym, and XLookupBoth. Each of these has a specific meaning attached. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imLcLkup.c |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --

xorg-devel@lists.x.org

Checked return value of XGetWindowProperty and return false if it fails. Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imTrX.c | 33 + 1 files changed, 21 insertions(+), 12 deletions(-) diff --git a/modules/im/ximcp/imTrX.c b/modules/im/ximcp/imTrX.c index

[PATCH 06/25] [libx11] Variable "colormap_ret" goes out of scope

Fixed memory leak by adding Xfree Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRmAttr.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/modules/im/ximcp/imRmAttr.c b/modules/im/ximcp/imRmAttr.c index b6d1e12..d62dfdb

[PATCH 24/25] [libx11] Cannot reach dead expression "0U" inside statement "if (1U + (target_dir ? strl..."

Removed superfluous check for NULL target_dir; it is already handled before this code. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/lcFile.c |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/src/xlibi18n/lcFile.c b/src/xlibi18n

[PATCH 08/25] [libx11] Variable "colormap_ret" goes out of scope

Fixed memory leak by adding Xfree Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRmAttr.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/modules/im/ximcp/imRmAttr.c b/modules/im/ximcp/imRmAttr.c index ae053c9..5035df5 100644 --- a/modules/im/ximcp/imRmAttr.c +++ b

[PATCH 12/25] [libx11] Variable "prop_name" not freed or pointed-to in function "strlen"

Instead of copying the value returned by get_prop_name and then releasing it, directly use the return value of get_prop_name, which allocates memory for the name. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/XDefaultOMIF.c |4 +--- 1 files

[PATCH 05/25] [libx11] Possible overrun of 8192 byte fixed size buffer "buffer" by copying "ext->name" without length checking

Fixed by using strncpy and explicitly terminating the buffer Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/XlibInt.c |7 --- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/XlibInt.c b/src/XlibInt.c index d55c26a..52ccff1 100644 --- a

[PATCH 11/25] [libx11] Variable "image" goes out of scope

Fixed memory leak by adding Xfree Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/ImUtil.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/ImUtil.c b/src/ImUtil.c index cd418d8..3164d43 100644 --- a/src/ImUtil.c +++ b/src/ImUtil.c

[PATCH 07/25] [libx11] Variable "missing_list" goes out of scope

Fixed memory leak by adding Xfree and initializing missing_list with NULL Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRmAttr.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/modules/im/ximcp/imRmAttr.c b/modules/im

[PATCH 01/25] [libx11] Variable "fs" not freed or pointed-to in function "get_prop_name"

Fixed a missing call to XFreeFont Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/XDefaultOMIF.c |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/src/xlibi18n/XDefaultOMIF.c b/src/xlibi18n/XDefaultOMIF.c index bc6b1b9..bb3986a

[PATCH 02/25] [libx11] Pointer "pBuf" returned from "fgets(buf, 256, stream)" is never used

Removed unused assignment Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xcms/cmsColNm.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/xcms/cmsColNm.c b/src/xcms/cmsColNm.c index 4164370..c7ad4fd 100644 --- a/src/xcms/cmsColNm.c

[PATCH 03/25] [libx11] Pointer "pBuf" returned from "fgets(buf, 256, stream)" is never used

Removed unused assignment Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xcms/cmsColNm.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/xcms/cmsColNm.c b/src/xcms/cmsColNm.c index c7ad4fd..8518adf 100644 --- a/src/xcms/cmsColNm.c

[PATCH 00/25] Various fixes based on static analysis - remaining patches

nt + 1) * 4U == 0U) ? 1U : ((dpy->watcher_count + 1) * 4U)))" Using uninitialized value "conv->state" in call to function "close_converter" Erkki Seppälä (19): Variable "fs" not freed or pointed-to in function "get_prop_name" Pointer &qu

[PATCH v2 1/3] [libx11] Variable "map" goes out of scope

Release modifiermap before returning. Reordered code to call XGetModifierMapping after the first return from the function. Signed-off-by: Erkki Seppälä diff --git a/modules/im/ximcp/imThaiFlt.c b/modules/im/ximcp/imThaiFlt.c index e0b3988..e2b0458 100644 --- a/modules/im/ximcp/imThaiFlt.c +++ b

[PATCH v2 2/3] [libx11] Using uninitialized value "p->modifiers"

Small fix by using Xcalloc instead of Xmalloc Signed-off-by: Erkki Seppälä diff --git a/src/KeyBind.c b/src/KeyBind.c index 6d80a02..ac25ce2 100644 --- a/src/KeyBind.c +++ b/src/KeyBind.c @@ -996,7 +996,7 @@ XRebindKeysym ( tmp = dpy->key_bindings; nb = sizeof(KeySym) * nm; -

[PATCH v2 0/3] Various fixes based on static analysis

Here are revised versions of the fixes that got some review comments on the list. Erkki Seppälä (3): Variable "map" goes out of scope Using uninitialized value "p->modifiers" Cannot reach dead statement "return NULL;" modules/im/ximcp/imThaiFlt.

[PATCH v2 3/3] [libx11] Cannot reach dead statement "return NULL;"

Check for the NULLness of prop->name and prop->value instead of name and value, which was checked earlier anyway. Decided against using strdup due to curious memory allocation functions and the rest of the xkb not using it either. Signed-off-by: Erkki Seppälä diff --git a/src/xkb/XKBGAll

Pull request for libx11 reviewed static analysis fixes

are available in the git repository at: git://gitorious.org/erkkise/libx11-fixes.git fixes-reviewed-1 Erkki Seppälä (4): Using freed pointer "e" Dereferencing possibly NULL "str" in call to function "memcpy" (Deref assumed on the basis of 'nonnull' parameter attribute.) Var

[PATCH 32/32] [libx11] Cannot reach dead statement "return NULL;"

Removed superfluous check for NULL. name == NULL is already checked at the function entry. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xkb/XKBGAlloc.c |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) diff --git a/src/xkb/XKBGAlloc.c b/src/xkb

[PATCH 22/32] [libx11] xcms/LRGB: Add a label for freeing property_return.

From: Ander Conselvan de Oliveira The rest of the code uses goto's to free memory allocated later and prevent memory leaks, but there were several paths were property_return was free'd just before a goto. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira ---

[PATCH 26/32] [libx11] Using uninitialized value "conv->state" in call to function "close_converter"

From: Ander Conselvan de Oliveira Fixed by zero'ing conv on allocation. Then close_converter works properly. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira --- modules/lc/def/lcDefConv.c |2 +- modules/lc/gen/lcGenConv.c |2 +- 2 files changed, 2 inser

[PATCH 25/32] [libx11] Variable "wd_array" goes out of scope Value "wd_array" is overwritten in "wd_array = (XPointer*)realloc((char*)info_list->watch_data, (((dpy->watcher_count + 1) * 4U == 0U) ? 1U

From: Ander Conselvan de Oliveira info_list->watch_data was being reallocated, but the return value of the reallocation was stored only into a local variable. This might cause some funky behavior and crashes. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira ---

[PATCH 29/32] [libx11] a negative value was passed to memcpy

s are XBufferOverflow, XLookupNone, XLookupChars, XLookupKeySym, and XLookupBoth. Each of these has a specific meaning attached. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imLcLkup.c |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --

[PATCH 17/32] [libx11] Dereferencing possibly NULL "str" in call to function "memcpy" (Deref assumed on the basis of 'nonnull' parameter attribute.)

If _XkbGetReadBufferPtr returns NULL, goto BAILOUT Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xkb/XKBList.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/xkb/XKBList.c b/src/xkb/XKBList.c index e1b4127..dec96b7 100644 --- a/src

[PATCH 15/32] [libx11] Variable "prop_name" not freed or pointed-to in function "strlen"

Instead of copying the value returned by get_prop_name and then releasing it, directly use the return value of get_prop_name, which allocates memory for the name. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/XDefaultOMIF.c |4 +--- 1 files

[PATCH 10/32] [libx11] Variable "missing_list" goes out of scope

Fixed memory leak by adding Xfree and initializing missing_list with NULL Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRmAttr.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/modules/im/ximcp/imRmAttr.c b/modules/im

[PATCH 12/32] [libx11] Variable "colormap_ret" goes out of scope

Fixed memory leak by adding Xfree Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRm.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/modules/im/ximcp/imRm.c b/modules/im/ximcp/imRm.c index 2e2c31f..fa86979 100644 --- a

[PATCH 31/32] [libx11] Cannot reach dead expression "0U" inside statement "if (1U + (target_dir ? strl..."

Removed superfluous check for NULL target_dir; it is already handled before this code. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/lcFile.c |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/src/xlibi18n/lcFile.c b/src/xlibi18n

[PATCH 28/32] [libx11] Comparing array against NULL is not useful "&xkb->server->vmods != NULL"

Removed superfluous comparison. Signed-off-by: Erkki Seppälä --- src/xkb/XKBMisc.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/xkb/XKBMisc.c b/src/xkb/XKBMisc.c index fc5ae5f..4aa1f73 100644 --- a/src/xkb/XKBMisc.c +++ b/src/xkb/XKBMisc.c @@ -619,7 +619,7

[PATCH 30/32] [libx11] Cannot reach dead expression "0U" inside statement "if (1U + (target_dir ? strl..."

Removed superfluous check for NULL target_dir; it is already handled before this code. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/lcFile.c |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/src/xlibi18n/lcFile.c b/src/xlibi18n

[PATCH 18/32] [libx11] Tracked variable "size" was passed to a negative sink.

Fixed the handling of the extremely unlikely situation of fstat failing Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/Xrm.c |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/src/Xrm.c b/src/Xrm.c index 3e68c37..b243d60 100644 --- a

[PATCH 24/32] [libx11] Using freed pointer "prop_ret"

== 0 || nitems_ret == 0) ends up returning XcmsFailure, the freed value of prop_ret from the previous call to XGWP will be returned. This patches changes the funcion to behavior to return XcmsFailure if the call do XGetWindowProperty fails. Reviewed-by: Erkki Seppälä Signed-off-by: Ander

xorg-devel@lists.x.org

Checked return value of XGetWindowProperty and return false if it fails. Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imTrX.c | 33 + 1 files changed, 21 insertions(+), 12 deletions(-) diff --git a/modules/im/ximcp/imTrX.c b/modules/im/ximcp/imTrX.c index

[PATCH 13/32] [libx11] Variable "colormap_ret" goes out of scope

Fixed memory leak by adding Xfree Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRm.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/modules/im/ximcp/imRm.c b/modules/im/ximcp/imRm.c index fa86979..3d09b81 100644 --- a

[PATCH 21/32] [libx11] xcms/LRGB: Fix potential resource leak.

From: Ander Conselvan de Oliveira property_return was not free'd if the allocation of pRedTbl failed. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira --- src/xcms/LRGB.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/xcms/LRGB.c

[PATCH 23/32] [libx11] Using uninitialized value "error.resourceID" in call to function "_XError"

Reviewed-by: Erkki Seppälä Signed-off-by: Ander Conselvan de Oliveira --- src/GetProp.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/GetProp.c b/src/GetProp.c index a80c19c..5d6e0b8 100644 --- a/src/GetProp.c +++ b/src/GetProp.c @@ -46,7 +46,7

[PATCH 16/32] [libx11] Variable "table" goes out of scope

The NEWTABLE macro missed freeing its allocated memory on subsequent memory allocation errors. Added call to Xfree. Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/Xrm.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/src/Xrm.c b/src

[PATCH 20/32] [libx11] Double free of pointer "property_return" in call to "free"

From: Ander Conselvan de Oliveira property_return was free'd before and in the case the conditional is true, the call to XcmsGetProperty failed which means that property_return wasn't set so there is no need to free it again. Reviewed-by: Erkki Seppälä Signed-off-by: Ander Co

[PATCH 19/32] [libx11] Variable "entry" tracked as NULL was dereferenced.

Check entry for non-nullness before dereferencing it Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xkb/XKB.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/xkb/XKB.c b/src/xkb/XKB.c index 42dba99..f926cb9 100644 --- a/src/xkb/XKB.c

[PATCH 11/32] [libx11] Variable "colormap_ret" goes out of scope

Fixed memory leak by adding Xfree Signed-off-by: Erkki Seppälä --- modules/im/ximcp/imRmAttr.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/modules/im/ximcp/imRmAttr.c b/modules/im/ximcp/imRmAttr.c index ae053c9..5035df5 100644 --- a/modules/im/ximcp/imRmAttr.c +++ b

[PATCH 14/32] [libx11] Variable "image" goes out of scope

Fixed memory leak by adding Xfree Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/ImUtil.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/ImUtil.c b/src/ImUtil.c index cd418d8..3164d43 100644 --- a/src/ImUtil.c +++ b/src/ImUtil.c

[PATCH 04/32] [libx11] Variable "fs" not freed or pointed-to in function "get_prop_name"

Fixed a missing call to XFreeFont Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/xlibi18n/XDefaultOMIF.c |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/src/xlibi18n/XDefaultOMIF.c b/src/xlibi18n/XDefaultOMIF.c index bc6b1b9..bb3986a

[PATCH 08/32] [libx11] Possible overrun of 8192 byte fixed size buffer "buffer" by copying "ext->name" without length checking

Fixed by using strncpy and explicitly terminating the buffer Reviewed-by: Ander Conselvan de Oliveira Signed-off-by: Erkki Seppälä --- src/XlibInt.c |7 --- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/XlibInt.c b/src/XlibInt.c index c385f4c..9f2745e 100644 --- a

  1   2   >