diff options
| author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2011-02-11 14:20:24 -0800 | 
|---|---|---|
| committer | Ulrich Sibiller <uli42@gmx.de> | 2016-10-12 09:34:38 +0200 | 
| commit | 290f94aea2b6cf0b265bce33cadcf2f2cbcacd53 (patch) | |
| tree | ff319e3f67a0e74cd2e86c662c0c0c2c0ca190b8 /nxcomp/BlockCacheSet.cpp | |
| parent | 93615472844ddbf5c530ad911332e5f316aa21b1 (diff) | |
| download | nx-libs-290f94aea2b6cf0b265bce33cadcf2f2cbcacd53.tar.gz nx-libs-290f94aea2b6cf0b265bce33cadcf2f2cbcacd53.tar.bz2 nx-libs-290f94aea2b6cf0b265bce33cadcf2f2cbcacd53.zip | |
ximcp: Prevent memory leak & double free if multiple %L in string
In the highly unlikely event that TransFileName was passed a path
containing multiple %L entries, for each entry it would call
_XlcFileName, leaking the previous results, and then for each entry it
would copy from that pointer and free it, resulting in invalid pointers
& possible double frees for each use after the first one freed it.
Error: Use after free (CWE 416)
   Use after free of pointer 'lcCompose'
        at line 358 of nx-X11/lib/X11/imLcPrs.c in function 'TransFileName'.
          Previously freed at line 360 with free.
Error: Use after free (CWE 416)
   Use after free of pointer 'lcCompose'
        at line 359 of nx-X11/lib/X11/imLcPrs.c in function 'TransFileName'.
          Previously freed at line 360 with free.
Error: Double free (CWE 415)
   Double free of pointer 'lcCompose'
        at line 360 of nx-X11/lib/X11/imLcPrs.c in function 'TransFileName'.
          Previously freed at line 360 with free.
[ This bug was found by the Parfait 0.3.6 bug checking tool.
  For more information see http://labs.oracle.com/projects/parfait/ ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 6ac417cea1136a3617f5e40f4b106aaa3f48d6c2)
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
Diffstat (limited to 'nxcomp/BlockCacheSet.cpp')
0 files changed, 0 insertions, 0 deletions
