From 662a5454c127037627e8e5a7e3f2b5cbeb1c44f1 Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Wed, 6 Apr 2016 16:40:44 +0200 Subject: [PATCH 2/4] registryd: Avoid crashing with a NULL keystring From a coverity check: 1. at-spi2-core-2.14.1/registryd/deviceeventcontroller-x11.c:1167: deref_ptr_in_call: Dereferencing pointer "keystring". 2. at-spi2-core-2.14.1/registryd/deviceeventcontroller-x11.c:1169: check_after_deref: Null-checking "keystring" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. (keystring, -1, &c))) { --- registryd/deviceeventcontroller-x11.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/registryd/deviceeventcontroller-x11.c b/registryd/deviceeventcontroller-x11.c index d878d53..e003c00 100644 --- a/registryd/deviceeventcontroller-x11.c +++ b/registryd/deviceeventcontroller-x11.c @@ -1164,8 +1164,6 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint const gchar *c; KeySym keysym; - maxlen = strlen (keystring) + 1; - keysyms = g_new0 (KeySym, maxlen); if (!(keystring && *keystring && g_utf8_validate (keystring, -1, &c))) { retval = FALSE; } @@ -1173,6 +1171,9 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint #ifdef SPI_DEBUG fprintf (stderr, "[keystring synthesis attempted on %s]\n", keystring); #endif + maxlen = strlen (keystring) + 1; + keysyms = g_new0 (KeySym, maxlen); + while (keystring && (unichar = g_utf8_get_char (keystring))) { char bytes[6]; gint mbytes; @@ -1206,8 +1207,9 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint } } XSynchronize (spi_get_display (), FALSE); + + g_free (keysyms); } - g_free (keysyms); if (synth_type == Accessibility_KEY_SYM) { keysym = keycode; -- 2.5.0