From 662a5454c127037627e8e5a7e3f2b5cbeb1c44f1 Mon Sep 17 00:00:00 2001

From: Rui Matos <tiagomatos@gmail.com>

Date: Wed, 6 Apr 2016 16:40:44 +0200

Subject: [PATCH 2/4] registryd: Avoid crashing with a NULL keystring

From a coverity check:

1. at-spi2-core-2.14.1/registryd/deviceeventcontroller-x11.c:1167:

deref_ptr_in_call: Dereferencing pointer "keystring".

2. at-spi2-core-2.14.1/registryd/deviceeventcontroller-x11.c:1169:

check_after_deref: Null-checking "keystring" suggests that it may be

null, but it has already been dereferenced on all paths leading to the

check.

(keystring, -1, &c))) {

---

 registryd/deviceeventcontroller-x11.c | 8 +++++---

 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/registryd/deviceeventcontroller-x11.c b/registryd/deviceeventcontroller-x11.c

index d878d53..e003c00 100644

--- a/registryd/deviceeventcontroller-x11.c

+++ b/registryd/deviceeventcontroller-x11.c

@@ -1164,8 +1164,6 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint

 	const gchar *c;

 	KeySym keysym;

-	maxlen = strlen (keystring) + 1;

-	keysyms = g_new0 (KeySym, maxlen);

 	if (!(keystring && *keystring && g_utf8_validate (keystring, -1, &c))) { 

 		retval = FALSE;

 	} 

@@ -1173,6 +1171,9 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint

 #ifdef SPI_DEBUG

 		fprintf (stderr, "[keystring synthesis attempted on %s]\n", keystring);

 #endif

+		maxlen = strlen (keystring) + 1;

+		keysyms = g_new0 (KeySym, maxlen);

+

 		while (keystring && (unichar = g_utf8_get_char (keystring))) {

 			char bytes[6];

 			gint mbytes;

@@ -1206,8 +1207,9 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint

 			}

 		}

 		XSynchronize (spi_get_display (), FALSE);

+

+		g_free (keysyms);

 	}

-	g_free (keysyms);

 	if (synth_type == Accessibility_KEY_SYM) {

 		keysym = keycode;

-- 

2.5.0