Check for NULL pointer (which can be returned for multiple reasons)
before trying to dereference it to add privates. To avoid memory leak
in error path, delay malloc of privates until we're ready to add them.
As reported by parfait 1.1:
Error: Null pointer dereference (CWE 476)
Read from null pointer 'idle_time_counter'
at line 2764 of xserver/Xext/sync.c in function
'init_system_idle_counter'.
Function 'SyncCreateSystemCounter' may return constant 'NULL' at line
952, called at line 2756.
Null pointer introduced at line 952 in function
'SyncCreateSystemCounter'.
Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com>
---
Xext/sync.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/Xext/sync.c b/Xext/sync.c
index 4d11992..b48da26 100644
--- a/Xext/sync.c
+++ b/Xext/sync.c
@@ -2747,7 +2747,6 @@ init_system_idle_counter(const char *name, int deviceid)
{
CARD64 resolution;
XSyncValue idle;
- IdleCounterPriv *priv = malloc(sizeof(IdleCounterPriv));
SyncCounter *idle_time_counter;
IdleTimeQueryValue(NULL, &idle);
@@ -2758,10 +2757,14 @@ init_system_idle_counter(const char *name, int deviceid)
IdleTimeQueryValue,
IdleTimeBracketValues);
- priv->deviceid = deviceid;
- priv->value_less = priv->value_greater = NULL;
+ if (idle_time_counter != NULL) {
+ IdleCounterPriv *priv = malloc(sizeof(IdleCounterPriv));
- idle_time_counter->pSysCounterInfo->private = priv;
+ priv->value_less = priv->value_greater = NULL;
+ priv->deviceid = deviceid;
+
+ idle_time_counter->pSysCounterInfo->private = priv;
+ }
return idle_time_counter;
}
--
1.7.9.2
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
