From 662a5454c127037627e8e5a7e3f2b5cbeb1c44f1 Mon Sep 17 00:00:00 2001
From: Rui Matos <tiagomatos@gmail.com>
Date: Wed, 6 Apr 2016 16:40:44 +0200
Subject: [PATCH 2/4] registryd: Avoid crashing with a NULL keystring

From a coverity check:

1. at-spi2-core-2.14.1/registryd/deviceeventcontroller-x11.c:1167:
deref_ptr_in_call: Dereferencing pointer "keystring".
2. at-spi2-core-2.14.1/registryd/deviceeventcontroller-x11.c:1169:
check_after_deref: Null-checking "keystring" suggests that it may be
null, but it has already been dereferenced on all paths leading to the
check.
(keystring, -1, &c))) {
---
 registryd/deviceeventcontroller-x11.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/registryd/deviceeventcontroller-x11.c b/registryd/deviceeventcontroller-x11.c
index d878d53..e003c00 100644
--- a/registryd/deviceeventcontroller-x11.c
+++ b/registryd/deviceeventcontroller-x11.c
@@ -1164,8 +1164,6 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint
 	const gchar *c;
 	KeySym keysym;
 
-	maxlen = strlen (keystring) + 1;
-	keysyms = g_new0 (KeySym, maxlen);
 	if (!(keystring && *keystring && g_utf8_validate (keystring, -1, &c))) { 
 		retval = FALSE;
 	} 
@@ -1173,6 +1171,9 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint
 #ifdef SPI_DEBUG
 		fprintf (stderr, "[keystring synthesis attempted on %s]\n", keystring);
 #endif
+		maxlen = strlen (keystring) + 1;
+		keysyms = g_new0 (KeySym, maxlen);
+
 		while (keystring && (unichar = g_utf8_get_char (keystring))) {
 			char bytes[6];
 			gint mbytes;
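Review bot: The allocation added ahead of the `while` loop depends on `keystring` being non-NULL and valid UTF-8 at this point, but nothing here records that, and the `keystring &&` test kept in the loop condition reads as if it could still be NULL. From the indentation this appears to be the else branch of the validation `if` shown in the first hunk, whose opening line is outside the hunks. A comment above the `strlen` call would state the invariant, for example `/* keystring is non-NULL, non-empty, valid UTF-8 here; byte length + 1 is an upper bound on the keysym count */`. The loop condition could then be reduced to `while ((unichar = g_utf8_get_char (keystring))) {`. The declaration of `maxlen` is also outside the hunk, so it is worth confirming that its type holds the `strlen` result without narrowing, since that value sizes the `keysyms` buffer.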
@@ -1206,8 +1207,9 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint
 			}
 		}
 		XSynchronize (spi_get_display (), FALSE);
+
+		g_free (keysyms);
 	}
-	g_free (keysyms);
 
 	if (synth_type == Accessibility_KEY_SYM) {
 		keysym = keycode;
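Review bot: After the relocated `g_free (keysyms);` the pointer stays in scope and dangling while the function carries on into the `synth_type` handling below. Clearing it at the free site, e.g. `g_clear_pointer (&keysyms, g_free);`, turns any later accidental use into a NULL dereference instead of a use-after-free. Whether any path inside the loop leaves the block before reaching the free cannot be seen from this hunk, so that is worth checking against the full function body, which starts and ends outside the hunk.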
-- 
2.5.0