diff options
author | Nickolai Zeldovich <nickolai@csail.mit.edu> | 2013-01-22 10:03:00 -0500 |
---|---|---|
committer | Ulrich Sibiller <uli42@gmx.de> | 2016-10-12 09:34:38 +0200 |
commit | e8ada07fa7dbbc88298e88a07f4b8613ec055cd8 (patch) | |
tree | 66d7be167c9a0b4537db9783f092eca8cd0685a1 | |
parent | 290f94aea2b6cf0b265bce33cadcf2f2cbcacd53 (diff) | |
download | nx-libs-e8ada07fa7dbbc88298e88a07f4b8613ec055cd8.tar.gz nx-libs-e8ada07fa7dbbc88298e88a07f4b8613ec055cd8.tar.bz2 nx-libs-e8ada07fa7dbbc88298e88a07f4b8613ec055cd8.zip |
XListFontsWithInfo: avoid accessing realloc'ed memory
If exactly one of the two reallocs in XListFontsWithInfo() fails, the
subsequent code accesses memory freed by the other realloc.
Signed-off-by: Nickolai Zeldovich <nickolai@csail.mit.edu>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit deedeada53676ee529d700bf96fde0b29a3a1def)
Signed-off-by: Julien Cristau <jcristau@debian.org>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
-rw-r--r-- | nx-X11/lib/X11/FontInfo.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/nx-X11/lib/X11/FontInfo.c b/nx-X11/lib/X11/FontInfo.c index 368beebe4..fb296b8a8 100644 --- a/nx-X11/lib/X11/FontInfo.c +++ b/nx-X11/lib/X11/FontInfo.c @@ -90,6 +90,11 @@ XFontStruct **info) /* RETURN */ Xrealloc ((char *) flist, (unsigned) (sizeof(char *) * (size+1))); + if (tmp_finfo) + finfo = tmp_finfo; + if (tmp_flist) + flist = tmp_flist; + if ((! tmp_finfo) || (! tmp_flist)) { /* free all the memory that we allocated */ for (j=(i-1); (j >= 0); j--) { @@ -97,14 +102,10 @@ XFontStruct **info) /* RETURN */ if (finfo[j].properties) Xfree((char *) finfo[j].properties); } - if (tmp_flist) Xfree((char *) tmp_flist); - else Xfree((char *) flist); - if (tmp_finfo) Xfree((char *) tmp_finfo); - else Xfree((char *) finfo); + Xfree((char *) flist); + Xfree((char *) finfo); goto clearwire; } - finfo = tmp_finfo; - flist = tmp_flist; } else { if (! (finfo = (XFontStruct *) |