rpms / xorg-x11-server

Clone
Source Code
GIT

Blame SOURCES/0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c9-beta
  2.   SOURCES
  3.   0001-xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch
Blob History Raw
26c1df 
From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001
26c1df 
From: Peter Hutterer <peter.hutterer@who-t.net>
26c1df 
Date: Wed, 13 Jul 2022 11:23:09 +1000
26c1df 
Subject: [PATCH xserver] xkb: fix some possible memleaks in XkbGetKbdByName
26c1df
26c1df 
GetComponentByName returns an allocated string, so let's free that if we
26c1df 
fail somewhere.
26c1df
26c1df 
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
26c1df 
---
26c1df 
 xkb/xkb.c | 26 ++++++++++++++++++++------
26c1df 
 1 file changed, 20 insertions(+), 6 deletions(-)
26c1df
26c1df 
diff --git a/xkb/xkb.c b/xkb/xkb.c
26c1df 
index 4692895db..b79a269e3 100644
26c1df 
--- a/xkb/xkb.c
26c1df 
+++ b/xkb/xkb.c
26c1df 
@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client)
26c1df 
     xkb = dev->key->xkbInfo->desc;
26c1df 
     status = Success;
26c1df 
     str = (unsigned char *) &stuff[1];
26c1df 
-    if (GetComponentSpec(&str, TRUE, &status))  /* keymap, unsupported */
26c1df 
-        return BadMatch;
26c1df 
+    {
26c1df 
+        char *keymap = GetComponentSpec(&str, TRUE, &status);  /* keymap, unsupported */
26c1df 
+        if (keymap) {
26c1df 
+            free(keymap);
26c1df 
+            return BadMatch;
26c1df 
+        }
26c1df 
+    }
26c1df 
     names.keycodes = GetComponentSpec(&str, TRUE, &status);
26c1df 
     names.types = GetComponentSpec(&str, TRUE, &status);
26c1df 
     names.compat = GetComponentSpec(&str, TRUE, &status);
26c1df 
     names.symbols = GetComponentSpec(&str, TRUE, &status);
26c1df 
     names.geometry = GetComponentSpec(&str, TRUE, &status);
26c1df 
-    if (status != Success)
26c1df 
+    if (status == Success) {
26c1df 
+        len = str - ((unsigned char *) stuff);
26c1df 
+        if ((XkbPaddedSize(len) / 4) != stuff->length)
26c1df 
+            status = BadLength;
26c1df 
+    }
26c1df 
+
26c1df 
+    if (status != Success) {
26c1df 
+        free(names.keycodes);
26c1df 
+        free(names.types);
26c1df 
+        free(names.compat);
26c1df 
+        free(names.symbols);
26c1df 
+        free(names.geometry);
26c1df 
         return status;
26c1df 
-    len = str - ((unsigned char *) stuff);
26c1df 
-    if ((XkbPaddedSize(len) / 4) != stuff->length)
26c1df 
-        return BadLength;
26c1df 
+    }
26c1df
26c1df 
     CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
26c1df 
     CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
26c1df 
--
26c1df 
2.38.1
26c1df

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation