aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErkki Seppälä <erkki.seppala@vincit.fi>2011-02-03 17:08:57 +0200
committerUlrich Sibiller <uli42@gmx.de>2016-10-19 21:40:24 +0200
commit07fae919a4474abfb55f41ed3d07bf93e74e9154 (patch)
tree65ab0434beb56d7467b0660c51529b9c9258eaae
parentae4e7538e078aff5db75af7b5fafdbb5658cbbb6 (diff)
downloadnx-libs-07fae919a4474abfb55f41ed3d07bf93e74e9154.tar.gz
nx-libs-07fae919a4474abfb55f41ed3d07bf93e74e9154.tar.bz2
nx-libs-07fae919a4474abfb55f41ed3d07bf93e74e9154.zip
cmsProp: don't deal with uninitialized values, fail instead
Properly handle the return value of XGetWindowProperty by considering if after the loop as well. Using freed pointer "prop_ret" There were numerous things wrong in how this function interacted with XGetWindowProperty. None of the local variables were initialized and remained that way if the call to XGetWindowProperty returned 1 (not Succeed). That doesn't result in after_ret being initialized in which case if it happens to be 0, the loop was exited. In that case format_ret and nitems_ret were uninitialized and the function might return with success (but with uninitialized pointer in prop_ret) or XcmsFailure. As the buffer enlarging code was called only when XGetWindowProperty failed (returned not Success), after_ret would not have been initialized. It would have been initialized only if the XGetWindowProperty has returned Success earlier, but in that case the code fragment would not have been reached. This patch alters the function to return XcmsFailure if the call to XGetWindowProperty fails. Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com> Reviewed-by: Rami Ylimäki <rami.ylimaki@vincit.fi> Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
-rw-r--r--nx-X11/lib/X11/cmsProp.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/nx-X11/lib/X11/cmsProp.c b/nx-X11/lib/X11/cmsProp.c
index 0e8f8a2ba..7e1a70310 100644
--- a/nx-X11/lib/X11/cmsProp.c
+++ b/nx-X11/lib/X11/cmsProp.c
@@ -125,20 +125,23 @@ _XcmsGetProperty(
unsigned long nitems_ret, after_ret;
#endif
Atom atom_ret;
+ int xgwp_ret;
- while (XGetWindowProperty (pDpy, w, property, 0, len, False,
- XA_INTEGER, &atom_ret, &format_ret,
- &nitems_ret, &after_ret,
- (unsigned char **)&prop_ret)) {
- if (after_ret > 0) {
+ while (True) {
+ xgwp_ret = XGetWindowProperty (pDpy, w, property, 0, len, False,
+ XA_INTEGER, &atom_ret, &format_ret,
+ &nitems_ret, &after_ret,
+ (unsigned char **)&prop_ret);
+ if (xgwp_ret == Success && after_ret > 0) {
len += nitems_ret * (format_ret >> 3);
XFree (prop_ret);
} else {
break;
}
}
- if (format_ret == 0 || nitems_ret == 0) {
- /* the property does not exist or is of an unexpected type */
+ if (xgwp_ret != Success || format_ret == 0 || nitems_ret == 0) {
+ /* the property does not exist or is of an unexpected type or
+ getting window property failed */
return(XcmsFailure);
}