[PATCH 2/2] [libX11] xcms/cmsProp: don't deal with uninitialized values, fail instead

Fri, 04 Feb 2011 01:45:16 -0800 

Properly handle the return value of XGetWindowProperty by considering
if after the loop as well.

Using freed pointer "prop_ret"

There were numerous things wrong in how this function interacted with
XGetWindowProperty.

None of the local variables were initialized and remained that way if
the call to XGetWindowProperty returned 1 (not Succeed). That doesn't
result in after_ret being initialized in which case if it happens to
be 0, the loop was exited. In that case format_ret and nitems_ret were
uninitialized and the function might return with success (but with
uninitialized pointer in prop_ret) or XcmsFailure.

As the buffer enlarging code was called only when XGetWindowProperty
failed (returned not Success), after_ret would not have been
initialized. It would have been initialized only if the
XGetWindowProperty has returned Success earlier, but in that case the
code fragment would not have been reached.

This patch alters the function to return XcmsFailure if the call to
XGetWindowProperty fails.

Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-olive...@nokia.com>
Reviewed-by: Rami Ylimäki <rami.ylim...@vincit.fi>
Signed-off-by: Erkki Seppälä <erkki.sepp...@vincit.fi>
---
 src/xcms/cmsProp.c |   17 ++++++++++-------
 1 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/xcms/cmsProp.c b/src/xcms/cmsProp.c
index 856ae84..2826ee7 100644
--- a/src/xcms/cmsProp.c
+++ b/src/xcms/cmsProp.c
@@ -121,20 +121,23 @@ _XcmsGetProperty(
     long len = 6516;
     unsigned long nitems_ret, after_ret;
     Atom atom_ret;
+    int xgwp_ret;
 
-    while (XGetWindowProperty (pDpy, w, property, 0, len, False,
-                              XA_INTEGER, &atom_ret, &format_ret,
-                              &nitems_ret, &after_ret,
-                              (unsigned char **)&prop_ret)) {
-       if (after_ret > 0) {
+    while (True) {
+       xgwp_ret = XGetWindowProperty (pDpy, w, property, 0, len, False,
+                                      XA_INTEGER, &atom_ret, &format_ret,
+                                      &nitems_ret, &after_ret,
+                                      (unsigned char **)&prop_ret);
+       if (xgwp_ret == Success && after_ret > 0) {
            len += nitems_ret * (format_ret >> 3);
            XFree (prop_ret);
        } else {
            break;
        }
     }
-    if (format_ret == 0 || nitems_ret == 0) {
-       /* the property does not exist or is of an unexpected type */
+    if (xgwp_ret != Success || format_ret == 0 || nitems_ret == 0) {
+       /* the property does not exist or is of an unexpected type or
+           getting window property failed */
        return(XcmsFailure);
     }
 
-- 
1.7.0.4

_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel

Reply via email to