diff options
Diffstat (limited to 'nx-X11/lib/src')
| -rw-r--r-- | nx-X11/lib/src/DisName.c | 2 | ||||
| -rw-r--r-- | nx-X11/lib/src/FSWrap.c | 2 | ||||
| -rw-r--r-- | nx-X11/lib/src/FontNames.c | 16 | ||||
| -rw-r--r-- | nx-X11/lib/src/GetFPath.c | 11 | ||||
| -rw-r--r-- | nx-X11/lib/src/GetImage.c | 16 | ||||
| -rw-r--r-- | nx-X11/lib/src/LiHosts.c | 19 | ||||
| -rw-r--r-- | nx-X11/lib/src/ListExt.c | 19 | ||||
| -rw-r--r-- | nx-X11/lib/src/SetHints.c | 4 | ||||
| -rw-r--r-- | nx-X11/lib/src/StColor.c | 1 | ||||
| -rw-r--r-- | nx-X11/lib/src/StColors.c | 1 | ||||
| -rw-r--r-- | nx-X11/lib/src/StrKeysym.c | 10 | ||||
| -rw-r--r-- | nx-X11/lib/src/XlibInt.c | 86 | ||||
| -rw-r--r-- | nx-X11/lib/src/xcms/LRGB.c | 3 | ||||
| -rw-r--r-- | nx-X11/lib/src/xcms/cmsColNm.c | 2 | ||||
| -rw-r--r-- | nx-X11/lib/src/xcms/cmsProp.c | 1 | ||||
| -rw-r--r-- | nx-X11/lib/src/xkb/XKBAlloc.c | 8 | ||||
| -rw-r--r-- | nx-X11/lib/src/xlibi18n/lcCT.c | 10 | ||||
| -rw-r--r-- | nx-X11/lib/src/xlibi18n/lcDB.c | 2 | ||||
| -rw-r--r-- | nx-X11/lib/src/xlibi18n/lcGeneric.c | 1 | ||||
| -rw-r--r-- | nx-X11/lib/src/xlibi18n/lcPublic.c | 1 |
20 files changed, 115 insertions, 100 deletions
diff --git a/nx-X11/lib/src/DisName.c b/nx-X11/lib/src/DisName.c index 87a1e2f0e..5a90ab34f 100644 --- a/nx-X11/lib/src/DisName.c +++ b/nx-X11/lib/src/DisName.c @@ -60,5 +60,5 @@ XDisplayName( return( (char *)display ); if ( (d = getenv( "DISPLAY" )) != (char *)NULL ) return( d ); - return( "" ); + return( (char *) "" ); } diff --git a/nx-X11/lib/src/FSWrap.c b/nx-X11/lib/src/FSWrap.c index 015965779..1b244f43c 100644 --- a/nx-X11/lib/src/FSWrap.c +++ b/nx-X11/lib/src/FSWrap.c @@ -195,7 +195,7 @@ XCreateFontSet ( if (oc && def_string) { *def_string = oc->core.default_string; if (!*def_string) - *def_string = ""; + *def_string = (char *)""; } if (oc == NULL) diff --git a/nx-X11/lib/src/FontNames.c b/nx-X11/lib/src/FontNames.c index 9ffdfd299..ec7d90fa2 100644 --- a/nx-X11/lib/src/FontNames.c +++ b/nx-X11/lib/src/FontNames.c @@ -88,24 +88,16 @@ int *actualCount) /* RETURN */ * unpack into null terminated strings. */ chstart = ch; - chend = ch + (rlen + 1); + chend = ch + rlen; length = *(unsigned char *)ch; *ch = 1; /* make sure it is non-zero for XFreeFontNames */ for (i = 0; i < rep.nFonts; i++) { if (ch + length < chend) { flist[i] = ch + 1; /* skip over length */ ch += length + 1; /* find next length ... */ - if (ch <= chend) { - length = *(unsigned char *)ch; - *ch = '\0'; /* and replace with null-termination */ - count++; - } else { - Xfree(chstart); - Xfree(flist); - flist = NULL; - count = 0; - break; - } + length = *(unsigned char *)ch; + *ch = '\0'; /* and replace with null-termination */ + count++; } else { Xfree(chstart); Xfree(flist); diff --git a/nx-X11/lib/src/GetFPath.c b/nx-X11/lib/src/GetFPath.c index 3d87e4f64..87d257615 100644 --- a/nx-X11/lib/src/GetFPath.c +++ b/nx-X11/lib/src/GetFPath.c @@ -69,15 +69,20 @@ char **XGetFontPath( /* * unpack into null terminated strings. */ - chend = ch + (nbytes + 1); - length = *ch; + chend = ch + nbytes; + length = *(unsigned char *)ch; for (i = 0; i < rep.nPaths; i++) { if (ch + length < chend) { flist[i] = ch+1; /* skip over length */ ch += length + 1; /* find next length ... */ - length = *ch; + length = *(unsigned char *)ch; *ch = '\0'; /* and replace with null-termination */ count++; + } else if (i == 0) { + Xfree(flist); + Xfree(ch); + flist = NULL; + break; } else flist[i] = NULL; } diff --git a/nx-X11/lib/src/GetImage.c b/nx-X11/lib/src/GetImage.c index d80f6715f..96d9ce337 100644 --- a/nx-X11/lib/src/GetImage.c +++ b/nx-X11/lib/src/GetImage.c @@ -105,14 +105,16 @@ XImage *XGetImage ( planes = 1; } - if (!image) + if (!image) { Xfree(data); - if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 || - INT_MAX / image->height <= image->bytes_per_line || - INT_MAX / planes <= image->height * image->bytes_per_line || - nbytes < planes * image->height * image->bytes_per_line) { - XDestroyImage(image); - image = NULL; + } else { + if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 || + INT_MAX / image->height <= image->bytes_per_line || + INT_MAX / planes <= image->height * image->bytes_per_line || + nbytes < planes * image->height * image->bytes_per_line) { + XDestroyImage(image); + image = NULL; + } } UnlockDisplay(dpy); SyncHandle(); diff --git a/nx-X11/lib/src/LiHosts.c b/nx-X11/lib/src/LiHosts.c index 29c36ffb5..315e4dbb4 100644 --- a/nx-X11/lib/src/LiHosts.c +++ b/nx-X11/lib/src/LiHosts.c @@ -119,11 +119,16 @@ XHostAddress *XListHosts ( _XRead (dpy, (char *) buf, nbytes); for (i = 0; i < reply.nHosts; i++) { + if (bp > buf + nbytes - SIZEOF(xHostEntry)) + goto fail; op->family = ((xHostEntry *) bp)->family; op->length =((xHostEntry *) bp)->length; if (op->family == FamilyServerInterpreted) { char *tp = (char *) (bp + SIZEOF(xHostEntry)); - char *vp = memchr(tp, 0, op->length); + char *vp; + if (tp > (char *) (buf + nbytes - op->length)) + goto fail; + vp = memchr(tp, 0, op->length); if (vp != NULL) { sip->type = tp; @@ -138,6 +143,8 @@ XHostAddress *XListHosts ( sip++; } else { op->address = (char *) (bp + SIZEOF(xHostEntry)); + if (op->address > (char *) (buf + nbytes - op->length)) + goto fail; } bp += SIZEOF(xHostEntry) + (((op->length + 3) >> 2) << 2); op++; @@ -149,9 +156,9 @@ XHostAddress *XListHosts ( UnlockDisplay(dpy); SyncHandle(); return (outbuf); +fail: + *enabled = reply.enabled; + *nhosts = 0; + Xfree(outbuf); + return (NULL); } - - - - - diff --git a/nx-X11/lib/src/ListExt.c b/nx-X11/lib/src/ListExt.c index 7fdf9932c..a795041d0 100644 --- a/nx-X11/lib/src/ListExt.c +++ b/nx-X11/lib/src/ListExt.c @@ -74,19 +74,20 @@ char **XListExtensions( /* * unpack into null terminated strings. */ - chend = ch + (rlen + 1); - length = *ch; + chend = ch + rlen; + length = *(unsigned char *)ch; for (i = 0; i < rep.nExtensions; i++) { if (ch + length < chend) { list[i] = ch+1; /* skip over length */ ch += length + 1; /* find next length ... */ - if (ch <= chend) { - length = *ch; - *ch = '\0'; /* and replace with null-termination */ - count++; - } else { - list[i] = NULL; - } + length = *(unsigned char *)ch; + *ch = '\0'; /* and replace with null-termination */ + count++; + } else if (i == 0) { + Xfree(list); + Xfree(ch); + list = NULL; + break; } else list[i] = NULL; } diff --git a/nx-X11/lib/src/SetHints.c b/nx-X11/lib/src/SetHints.c index eed360f46..db5e7527e 100644 --- a/nx-X11/lib/src/SetHints.c +++ b/nx-X11/lib/src/SetHints.c @@ -211,7 +211,7 @@ XSetCommand ( int argc) { register int i; - register int nbytes; + size_t nbytes; register char *buf, *bp; for (i = 0, nbytes = 0; i < argc; i++) { nbytes += safestrlen(argv[i]) + 1; @@ -295,7 +295,7 @@ XSetClassHint( { char *class_string; char *s; - int len_nm, len_cl; + size_t len_nm, len_cl; len_nm = safestrlen(classhint->res_name); len_cl = safestrlen(classhint->res_class); diff --git a/nx-X11/lib/src/StColor.c b/nx-X11/lib/src/StColor.c index d5a217fb0..221fae136 100644 --- a/nx-X11/lib/src/StColor.c +++ b/nx-X11/lib/src/StColor.c @@ -50,6 +50,7 @@ XStoreColor( citem->green = def->green; citem->blue = def->blue; citem->flags = def->flags; /* do_red, do_green, do_blue */ + citem->pad = 0; UnlockDisplay(dpy); diff --git a/nx-X11/lib/src/StColors.c b/nx-X11/lib/src/StColors.c index 17a215cc0..fa1814c8e 100644 --- a/nx-X11/lib/src/StColors.c +++ b/nx-X11/lib/src/StColors.c @@ -53,6 +53,7 @@ XStoreColors( citem.green = defs[i].green; citem.blue = defs[i].blue; citem.flags = defs[i].flags; + citem.pad = 0; /* note that xColorItem doesn't contain all 16-bit quantities, so we can't use Data16 */ diff --git a/nx-X11/lib/src/StrKeysym.c b/nx-X11/lib/src/StrKeysym.c index 125aceca3..d7a9b7566 100644 --- a/nx-X11/lib/src/StrKeysym.c +++ b/nx-X11/lib/src/StrKeysym.c @@ -115,7 +115,7 @@ XStringToKeysym(_Xconst char *s) { XrmValue result; XrmRepresentation from_type; - char c; + char d; XrmQuark names[2]; names[0] = _XrmInternalStringToQuark(s, p - s - 1, sig, False); @@ -126,10 +126,10 @@ XStringToKeysym(_Xconst char *s) val = 0; for (i = 0; i < result.size - 1; i++) { - c = ((char *)result.addr)[i]; - if ('0' <= c && c <= '9') val = (val<<4)+c-'0'; - else if ('a' <= c && c <= 'f') val = (val<<4)+c-'a'+10; - else if ('A' <= c && c <= 'F') val = (val<<4)+c-'A'+10; + d = ((char *)result.addr)[i]; + if ('0' <= d && d <= '9') val = (val<<4)+d-'0'; + else if ('a' <= d && d <= 'f') val = (val<<4)+d-'a'+10; + else if ('A' <= d && d <= 'F') val = (val<<4)+d-'A'+10; else return NoSymbol; } return val; diff --git a/nx-X11/lib/src/XlibInt.c b/nx-X11/lib/src/XlibInt.c index 5afc65149..119126d3d 100644 --- a/nx-X11/lib/src/XlibInt.c +++ b/nx-X11/lib/src/XlibInt.c @@ -836,8 +836,12 @@ _XWaitForReadable( static int sync_hazard(Display *dpy) { - unsigned long span = dpy->request - dpy->last_request_read; - unsigned long hazard = min((dpy->bufmax - dpy->buffer) / SIZEOF(xReq), 65535 - 10); + /* + * "span" and "hazard" need to be signed such that the ">=" comparision + * works correctly in the case that hazard is greater than 65525 + */ + int64_t span = X_DPY_GET_REQUEST(dpy) - X_DPY_GET_LAST_REQUEST_READ(dpy); + int64_t hazard = min((dpy->bufmax - dpy->buffer) / SIZEOF(xReq), 65535 - 10); return span >= 65535 - hazard - 10; } @@ -876,7 +880,7 @@ void _XSeqSyncFunction( return; } #endif /* NX_TRANS_SOCKET */ - if ((dpy->request - dpy->last_request_read) >= (65535 - BUFSIZE/SIZEOF(xReq))) { + if ((X_DPY_GET_REQUEST(dpy) - X_DPY_GET_LAST_REQUEST_READ(dpy)) >= (65535 - BUFSIZE/SIZEOF(xReq))) { GetEmptyReq(GetInputFocus, req); (void) _XReply (dpy, (xReply *)&rep, 0, xTrue); sync_while_locked(dpy); @@ -2072,9 +2076,9 @@ _XSetLastRequestRead( register Display *dpy, register xGenericReply *rep) { - register unsigned long newseq, lastseq; + register uint64_t newseq, lastseq; - lastseq = dpy->last_request_read; + lastseq = X_DPY_GET_LAST_REQUEST_READ(dpy); /* * KeymapNotify has no sequence number, but is always guaranteed * to immediately follow another event, except when generated via @@ -2083,30 +2087,31 @@ _XSetLastRequestRead( if ((rep->type & 0x7f) == KeymapNotify) return(lastseq); - newseq = (lastseq & ~((unsigned long)0xffff)) | rep->sequenceNumber; + newseq = (lastseq & ~((uint64_t)0xffff)) | rep->sequenceNumber; if (newseq < lastseq) { newseq += 0x10000; - if (newseq > dpy->request) { + if (newseq > X_DPY_GET_REQUEST(dpy)) { #ifdef NX_TRANS_SOCKET if (_NXLostSequenceFunction != NULL) - { - (*_NXLostSequenceFunction)(dpy, newseq, dpy->request, - (unsigned int) rep->type); - } - else + { + (*_NXLostSequenceFunction)(dpy, newseq, X_DPY_GET_REQUEST(dpy), + (unsigned int) rep->type); + } + else #endif /* #ifdef NX_TRANS_SOCKET */ - { - (void) fprintf (stderr, - "Xlib: sequence lost (0x%lx > 0x%lx) in reply type 0x%x!\n", - newseq, dpy->request, - (unsigned int) rep->type); - } + { + (void) fprintf (stderr, + "Xlib: sequence lost (0x%llx > 0x%llx) in reply type 0x%x!\n", + (unsigned long long)newseq, + (unsigned long long)(X_DPY_GET_REQUEST(dpy)), + (unsigned int) rep->type); + } newseq -= 0x10000; } } - dpy->last_request_read = newseq; + X_DPY_SET_LAST_REQUEST_READ(dpy, newseq); return(newseq); } @@ -2652,8 +2657,8 @@ XAddConnectionWatch( /* allocate new watch data */ for (info_list=dpy->im_fd_info; info_list; info_list=info_list->next) { - wd_array = Xrealloc(info_list->watch_data, - (dpy->watcher_count + 1) * sizeof(XPointer)); + wd_array = Xrealloc(info_list->watch_data, + (dpy->watcher_count + 1) * sizeof(XPointer)); if (!wd_array) { UnlockDisplay(dpy); return 0; @@ -2921,15 +2926,12 @@ void _XEnq( /* If dpy->qfree is non-NULL do this, else malloc a new one. */ dpy->qfree = qelt->next; } - else if ((qelt = Xmalloc(sizeof(_XQEvent))) == NULL) { + else if ((qelt = Xmalloc(sizeof(_XQEvent))) == NULL) { /* Malloc call failed! */ ESET(ENOMEM); -#ifdef NX_TRANS_SOCKET _XIOError(dpy); - +#ifdef NX_TRANS_SOCKET return; -#else - _XIOError(dpy); #endif } qelt->next = NULL; @@ -3590,10 +3592,10 @@ static int _XPrintDefaultError( mesg, BUFSIZ); fputs(" ", fp); (void) fprintf(fp, mesg, event->serial); - XGetErrorDatabaseText(dpy, mtype, "CurrentSerial", "Current Serial #%d", + XGetErrorDatabaseText(dpy, mtype, "CurrentSerial", "Current Serial #%lld", mesg, BUFSIZ); fputs("\n ", fp); - (void) fprintf(fp, mesg, dpy->request); + (void) fprintf(fp, mesg, (unsigned long long)(X_DPY_GET_REQUEST(dpy))); fputs("\n", fp); if (event->error_code == BadImplementation) return 0; return 1; @@ -3658,17 +3660,17 @@ int _XError ( return 0; if (_XErrorFunction != NULL) { int rtn_val; -#if defined(XTHREADS) && !USE_XCB +#ifdef XTHREADS if (dpy->lock) (*dpy->lock->user_lock_display)(dpy); UnlockDisplay(dpy); -#endif /* XTHREADS && !USE_XCB */ +#endif rtn_val = (*_XErrorFunction)(dpy, (XErrorEvent *)&event); /* upcall */ -#if defined(XTHREADS) && !USE_XCB +#ifdef XTHREADS LockDisplay(dpy); if (dpy->lock) (*dpy->lock->user_unlock_display)(dpy); -#endif /* XTHREADS && !USE_XCB */ +#endif return rtn_val; } else { return _XDefaultError(dpy, (XErrorEvent *)&event); @@ -3978,20 +3980,20 @@ void *_XGetRequest(Display *dpy, CARD8 type, size_t len) xReq *req; if (dpy->bufptr + len > dpy->bufmax) - _XFlush(dpy); + _XFlush(dpy); /* Request still too large, so do not allow it to overflow. */ if (dpy->bufptr + len > dpy->bufmax) { - fprintf(stderr, - "Xlib: request %d length %zd would exceed buffer size.\n", - type, len); - /* Changes failure condition from overflow to NULL dereference. */ - return NULL; + fprintf(stderr, + "Xlib: request %d length %zd would exceed buffer size.\n", + type, len); + /* Changes failure condition from overflow to NULL dereference. */ + return NULL; } if (len % 4) - fprintf(stderr, - "Xlib: request %d length %zd not a multiple of 4.\n", - type, len); + fprintf(stderr, + "Xlib: request %d length %zd not a multiple of 4.\n", + type, len); dpy->last_req = dpy->bufptr; @@ -3999,7 +4001,7 @@ void *_XGetRequest(Display *dpy, CARD8 type, size_t len) req->reqType = type; req->length = len / 4; dpy->bufptr += len; - dpy->request++; + X_DPY_REQUEST_INCREMENT(dpy); return req; } diff --git a/nx-X11/lib/src/xcms/LRGB.c b/nx-X11/lib/src/xcms/LRGB.c index 38cc6cfb4..4bfa3cfb1 100644 --- a/nx-X11/lib/src/xcms/LRGB.c +++ b/nx-X11/lib/src/xcms/LRGB.c @@ -795,6 +795,9 @@ LINEAR_RGB_InitSCCData( return(XcmsSuccess); +FreeBlueTblElements: + Xfree(pScreenData->pBlueTbl->pBase); + FreeBlueTbl: Xfree(pScreenData->pBlueTbl); diff --git a/nx-X11/lib/src/xcms/cmsColNm.c b/nx-X11/lib/src/xcms/cmsColNm.c index c6f1e0f31..829749112 100644 --- a/nx-X11/lib/src/xcms/cmsColNm.c +++ b/nx-X11/lib/src/xcms/cmsColNm.c @@ -314,7 +314,7 @@ field2( /* Find Field 1 */ while (!isgraph(*pBuf)) { - if ((*pBuf != '\n') || (*pBuf != '\0')) { + if ((*pBuf == '\n') || (*pBuf == '\0')) { return(XcmsFailure); } if (isspace(*pBuf) || (*pBuf == delim)) { diff --git a/nx-X11/lib/src/xcms/cmsProp.c b/nx-X11/lib/src/xcms/cmsProp.c index a7aa5b5c5..cb7bd10c6 100644 --- a/nx-X11/lib/src/xcms/cmsProp.c +++ b/nx-X11/lib/src/xcms/cmsProp.c @@ -142,6 +142,7 @@ _XcmsGetProperty( if (xgwp_ret != Success || format_ret == 0 || nitems_ret == 0) { /* the property does not exist or is of an unexpected type or getting window property failed */ + XFree (prop_ret); return(XcmsFailure); } diff --git a/nx-X11/lib/src/xkb/XKBAlloc.c b/nx-X11/lib/src/xkb/XKBAlloc.c index 9c3430c1a..5621f713a 100644 --- a/nx-X11/lib/src/xkb/XKBAlloc.c +++ b/nx-X11/lib/src/xkb/XKBAlloc.c @@ -216,24 +216,22 @@ XkbFreeNames(XkbDescPtr xkb, unsigned which, Bool freeMap) type = map->types; for (i = 0; i < map->num_types; i++, type++) { - if (type->level_names != NULL) { _XkbFree(type->level_names); type->level_names = NULL; - } } } } - if ((which & XkbKeyNamesMask) && (names->keys != NULL)) { + if (which & XkbKeyNamesMask) { _XkbFree(names->keys); names->keys = NULL; names->num_keys = 0; } - if ((which & XkbKeyAliasesMask) && (names->key_aliases)) { + if (which & XkbKeyAliasesMask) { _XkbFree(names->key_aliases); names->key_aliases = NULL; names->num_key_aliases = 0; } - if ((which & XkbRGNamesMask) && (names->radio_groups)) { + if (which & XkbRGNamesMask) { _XkbFree(names->radio_groups); names->radio_groups = NULL; names->num_rg = 0; diff --git a/nx-X11/lib/src/xlibi18n/lcCT.c b/nx-X11/lib/src/xlibi18n/lcCT.c index 6e3f21e92..a2ff93c8a 100644 --- a/nx-X11/lib/src/xlibi18n/lcCT.c +++ b/nx-X11/lib/src/xlibi18n/lcCT.c @@ -1021,19 +1021,19 @@ cstoct( ) { while (csstr_len > 0 && ct_len > 0) { unsigned char ch = * (const unsigned char *) csptr; - int char_size = (ch < 0xc0 ? 1 : + int ch_size = (ch < 0xc0 ? 1 : ch < 0xe0 ? 2 : ch < 0xf0 ? 3 : ch < 0xf8 ? 4 : ch < 0xfc ? 5 : 6); int i; - if (!(csstr_len >= char_size && ct_len >= char_size)) + if (!(csstr_len >= ch_size && ct_len >= ch_size)) break; - for (i = char_size; i > 0; i--) + for (i = ch_size; i > 0; i--) *ctptr++ = *csptr++; - csstr_len -= char_size; - ct_len -= char_size; + csstr_len -= ch_size; + ct_len -= ch_size; } } else { while (csstr_len > 0 && ct_len > 0) { diff --git a/nx-X11/lib/src/xlibi18n/lcDB.c b/nx-X11/lib/src/xlibi18n/lcDB.c index cc14bed72..eb46f8fbd 100644 --- a/nx-X11/lib/src/xlibi18n/lcDB.c +++ b/nx-X11/lib/src/xlibi18n/lcDB.c @@ -781,7 +781,7 @@ f_right_brace( case S_VALUE: if (! store_to_database(db)) return 0; - /* fall into next case */ + /* fall through - to next case */ case S_CATEGORY: if (parse_info.name[parse_info.nest_depth] != NULL) { Xfree(parse_info.name[parse_info.nest_depth]); diff --git a/nx-X11/lib/src/xlibi18n/lcGeneric.c b/nx-X11/lib/src/xlibi18n/lcGeneric.c index 58ee5d27c..f816fee77 100644 --- a/nx-X11/lib/src/xlibi18n/lcGeneric.c +++ b/nx-X11/lib/src/xlibi18n/lcGeneric.c @@ -77,6 +77,7 @@ create( return lcd; err: + Xfree(lcd->core); Xfree(lcd); return (XLCd) NULL; } diff --git a/nx-X11/lib/src/xlibi18n/lcPublic.c b/nx-X11/lib/src/xlibi18n/lcPublic.c index 98a7435fd..f35f17a63 100644 --- a/nx-X11/lib/src/xlibi18n/lcPublic.c +++ b/nx-X11/lib/src/xlibi18n/lcPublic.c @@ -97,6 +97,7 @@ create( return lcd; err: + Xfree(lcd->core); Xfree(lcd); return (XLCd) NULL; } |