diff options
author | Erkki Seppälä <erkki.seppala@vincit.fi> | 2011-02-03 17:08:57 +0200 |
---|---|---|
committer | Ulrich Sibiller <uli42@gmx.de> | 2016-10-19 21:40:24 +0200 |
commit | 07fae919a4474abfb55f41ed3d07bf93e74e9154 (patch) | |
tree | 65ab0434beb56d7467b0660c51529b9c9258eaae | |
parent | ae4e7538e078aff5db75af7b5fafdbb5658cbbb6 (diff) | |
download | nx-libs-07fae919a4474abfb55f41ed3d07bf93e74e9154.tar.gz nx-libs-07fae919a4474abfb55f41ed3d07bf93e74e9154.tar.bz2 nx-libs-07fae919a4474abfb55f41ed3d07bf93e74e9154.zip |
cmsProp: don't deal with uninitialized values, fail instead
Properly handle the return value of XGetWindowProperty by considering
if after the loop as well.
Using freed pointer "prop_ret"
There were numerous things wrong in how this function interacted with
XGetWindowProperty.
None of the local variables were initialized and remained that way if
the call to XGetWindowProperty returned 1 (not Succeed). That doesn't
result in after_ret being initialized in which case if it happens to
be 0, the loop was exited. In that case format_ret and nitems_ret were
uninitialized and the function might return with success (but with
uninitialized pointer in prop_ret) or XcmsFailure.
As the buffer enlarging code was called only when XGetWindowProperty
failed (returned not Success), after_ret would not have been
initialized. It would have been initialized only if the
XGetWindowProperty has returned Success earlier, but in that case the
code fragment would not have been reached.
This patch alters the function to return XcmsFailure if the call to
XGetWindowProperty fails.
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Reviewed-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
-rw-r--r-- | nx-X11/lib/X11/cmsProp.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/nx-X11/lib/X11/cmsProp.c b/nx-X11/lib/X11/cmsProp.c index 0e8f8a2ba..7e1a70310 100644 --- a/nx-X11/lib/X11/cmsProp.c +++ b/nx-X11/lib/X11/cmsProp.c @@ -125,20 +125,23 @@ _XcmsGetProperty( unsigned long nitems_ret, after_ret; #endif Atom atom_ret; + int xgwp_ret; - while (XGetWindowProperty (pDpy, w, property, 0, len, False, - XA_INTEGER, &atom_ret, &format_ret, - &nitems_ret, &after_ret, - (unsigned char **)&prop_ret)) { - if (after_ret > 0) { + while (True) { + xgwp_ret = XGetWindowProperty (pDpy, w, property, 0, len, False, + XA_INTEGER, &atom_ret, &format_ret, + &nitems_ret, &after_ret, + (unsigned char **)&prop_ret); + if (xgwp_ret == Success && after_ret > 0) { len += nitems_ret * (format_ret >> 3); XFree (prop_ret); } else { break; } } - if (format_ret == 0 || nitems_ret == 0) { - /* the property does not exist or is of an unexpected type */ + if (xgwp_ret != Success || format_ret == 0 || nitems_ret == 0) { + /* the property does not exist or is of an unexpected type or + getting window property failed */ return(XcmsFailure); } |