| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Nothing in the XKB spec states that the memory pointed to by ctrls has to
be initialized to any given value when passed to the function, only that
it is set by the function to the values returned by the X server:
http://www.x.org/releases/X11R7.7/doc/libX11/XKB/xkblib.html#The_Miscellaneous_Per_client_Controls
The check for the incoming value seems to be copied from
XkbSetPerClientControls without explanation.
Instead change it to checking if ctrls is non-NULL, since there's no
point asking the X server to return a value the caller won't even see.
Found while investigating report from cppcheck-1.65:
[nx-X11/lib/X11/XKB.c:699] -> [nx-X11/lib/X11/XKB.c:719]: (warning) Possible null pointer
dereference: ctrls - otherwise it is redundant to check it against null.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Check is intended to ensure we allocate at least XkbNumRequiredTypes
in map, but was accidentally marked with a ! causing the wrong check.
Reported-by: Harms <wharms@bfs,de>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Do not use variables before checked for NULL.
* remove some superfluid spaces (Mark Kettenis)
Signed-off-by: Harms <wharms@bfs,de>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
remove more redundant NULL checks
note that _XkbFree() is really Xfree()
Signed-off-by: Harms <wharms@bfs,de>
Reviewed-by: Rémi Cardona <remi@gentoo.org>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch removes the last remaining NULL checks for Xfree()
Signed-off-by: Harms <wharms@bfs,de>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| | |
Signed-off-by: Harms <wharms@bfs,de>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch removes some redundant null checks before free.
It should not change the code otherwise. Be aware that this
is only the first series.
Signed-off-by: Harms <wharms@bfs,de>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Do not use variables before checked for NULL.
Signed-off-by: Harms <wharms@bfs,de>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Do not use variables before checked for NULL.
Signed-off-by: Harms <wharms@bfs,de>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Do not use variables before checked for NULL.
Signed-off-by: Harms <wharms@bfs,de>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When XCB owns the X socket, dpy->request is not updated, so
NextRequest() and XNextRequest() return the wrong value. There's
nothing we can do to fix NextRequest() while retaining ABI compat,
but change XNextRequest() to grab the socket back from XCB,
updating dpy->request.
Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
Reviewed-by: Uli Schlachter <psychon@znc.in>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>:
Added #ifdefs to be aware of changes regarding XCB in case we later
switch to XCB.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The build doesn't provide any way to define this option. It also refers
to files (imComp.h) and functions (e.g. XimCompInitTables(),
XimCompProcessSym()) which are not found anywhere, and the ordinary
Compose implementation in xim doesn't use any of it.
Signed-off-by: Ran Benita <ran234@gmail.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Flagged by cppcheck 1.62:
[lib/libX11/nx-X11/lib/X11/XKBGeom.c:479] -> [lib/libX11/nx-X11/lib/X11/XKBGeom.c:480]:
(warning) Possible null pointer dereference: row - otherwise it is
redundant to check it against null.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
clear & selectAll are set to 0 already a few lines earlier,
affectWhich is set to XkbMapNotifyMask a few lines later.
None are used between the other assignments and the removed ones.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
See http://sourceware.org/bugzilla/show_bug.cgi?id=10948
Currently, if the locale is UTF-8, no CJK fonts are installed, and someone
does XCreateFontSet() with a font name of "*", we end up asking the server
to list the (non-existent) fonts 11 times for each CJK encoding, which can
take a while.
A * wildcard can match multiple components in a XLFD name in XListFonts(),
so there's no need to try adding more than one to get a match.
We do try once with a leading '*-' in case the fontname isn't a full
well-formed XLFD name, maybe even that isn't needed?
(See also http://invisible-island.net/xterm/xterm.faq.html#slow_menus)
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
C89 or bust! This was documented as being needed for "only Lynx,
Linux-libc5, OS/2" and has never been enabled in modular builds,
since none of those platforms have had anyone step up to add support
since the X11R7 conversion to autotools.
Mostly performed with unifdef -UX_LOCALE, followed by removal of files
left without any purpose, and manual cleanup of remaining references.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| | |
Pass *new* size to realloc, not old size.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Leftover from when these XKB files were shared with the server sources
and could be compiled in either the client or server, with the different
autoconf config files in each.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Little things noticed during XKB restyling that seemed to make the
code easier to read.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We were checking to make sure that the largest keysym value was within
the range of the allocated buffer, but checking against different limits
in the not-yet-allocated vs. the already-allocated branches.
The check should be the same in both, and reflect the size used for the
allocation, which is based on the maximum key code value, so we move it
to be a common check, before we branch, instead of duplicating in each
branch.
map->key_sym_map is an array of XkbSymMapRec structs, [0..max_key_code]
map->syms is the array for which num_syms is recorded, hence is not the
right value to check for ensuring our key_sym_map accesses are in range.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reported-by: Barry Kauler <bkauler@gmail.com>
Tested-by: Barry Kauler <bkauler@gmail.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I can find no record of what this file was for. Neither the X11R6.8.2
monolith Imakefile nor any modular release Makefile.am have ever built
it and nothing else references it.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Left one cast behind that is necessary to change from const char *
to char * in nx-X11/lib/X11/lcCharSet.c.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| | |
sizeof() returns size_t, malloc() & calloc() expect sizes in size_t,
don't strip down to unsigned int and re-expand unnecessarily.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The array is defined as having NUM_LOCALEDIR entries, so use that
instead of hardcoded 256 value (the other two calls already did this).
Reported by parfait:
Buffer overflow (CWE 120): In pointer dereference of argv[argc] with index argc
Pointer size is 64 elements (of 8 bytes each), index is 255
at line 82 of nx-X11/lib/X11/lcFile.c in function 'parse_line'.
called at line 178 in function '_XlcParsePath' with argv = argv.
called at line 722 in function '_XlcLocaleLibDirName' with argv = args, argsize = 256.
at line 82 of nx-X11/lib/X11/lcFile.c in function 'parse_line'.
called at line 178 in function '_XlcParsePath' with argv = argv.
called at line 638 in function '_XlcLocaleDirName' with argv = args, argsize = 256.
[ This bug was found by the Parfait 1.2.0 bug checking tool.
http://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13 ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
imRm.c: In function '_XimSetICMode':
imRm.c:2419:37: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
imRm.c:2420:30: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
lcGenConv.c: In function 'byteM_parse_codeset':
lcGenConv.c:345:13: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add const qualifiers to casts where needed, remove other casts that
are no longer needed.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of reusing the input parameter to store the output, make a
result variable instead, so that there's less const confusion.
Fixes gcc warnings:
lcWrap.c: In function 'XSetLocaleModifiers':
lcWrap.c:87:18: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
lcWrap.c:91:25: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
lcWrap.c:93:12: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Makes code considerably less crufty and clears gcc warnings:
XlcDL.c: In function '_XlcDynamicLoad':
XlcDL.c:384:44: warning: cast discards '__attribute__((const))' qualifier
from pointer target type [-Wcast-qual]
XlcDL.c:386:51: warning: cast discards '__attribute__((const))' qualifier
from pointer target type [-Wcast-qual]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Strings from the supported_charset_list[] were being copied one by
one to a stack buffer, and then strdup called on that buffer.
Instead, just strdup the original string, without the local copy,
and use a more traditional for loop, so it's easier to figure out
what the code is doing (cleaning up a gcc const-cast warning in
the process).
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This function performs operations on a region, and when finished,
checks to see if it should compact the rectangle list. If the
number of rectangles for which memory is allocated in the list is
more than twice the number used, it tries to shrink. realloc()
should not fail in this case, but if it does, might as well keep
the correct value for the number of allocated rectangles, so we
don't try to grow it unnecessarily later if adding to the region.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Zero out the region size when freeing the region so callers don't think
there's anything there. (Pointer is already set to NULL from the realloc
result itself.) Return 0 to the callers, and have them cascade that back
to their callers to indicate failure, instead of their usual return value
of 1 on success.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, if realloc failed to increase the size, we'd still
record that we had allocated the larger size, but the pointer
to it would be NULL, causing future calls to be broken, and the
previous allocation to be lost/leaked.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previous code seemed to assume that printf("%s", NULL) would result
in a 0-length string, not "(null)" or similar, but since there's no
point looking for files in "(null)/filepath...", instead we just
skip over NULL entries in search paths when generating file names.
In the *DirName() functions, this effectively just moves the "bail on
NULL in arg[i]" check up from the later code that assigned it to targetdir
and then bailed if that was NULL.
Not sure how there ever could be a NULL in arg[i], given the current
implementation of XlcParsePath, but it's easy enough to check once and
reject up front instead of on every reference.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
File Leak: Leaked File fp
at line 219 of lib/libX11/nx-X11/lib/X11/XlcDL.c in function 'resolve_object'.
fp initialized at line 198 with fopen
[ This bug was found by the Parfait 1.2.0 bug checking tool.
http://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13 ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix bogus timestamp generted by XIM due to uninitialized
data field. Also set appropriate serial, too.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=39367
Signed-off-by: Chiaki ISHIKAWA <ishikawa@yk.rim.or.jp>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
place.
When synthesized key events are sent on commit XIM sets the 'fabricated'
flag so that the keypress handler knows that these were not real events.
This also happens when committing due to the loss of focus. However in this
case the keypress/release filters which consume and unset this flag are no
longer in the filter chain.
So the flag is erronously set when a real keyboard event is received after
focus has been regained. So the first event is wrongly treated as a
fabricated key in the keypress handler which will at the same time reset
the flag so the second key event is treated correctly.
This fix only sets the flag when at least one of the keyboard filters is in
place.
How to reproduce this bug: run scim, choose a Japanese input method start
two instances of xterm: start typing in one xterm (this should pop up an
IM window). Without comitting (hitting 'enter') move focus to the other
xterm, then move focus back. Start typing again. The first character will
be committed immediately without popping up an input window.
With this fix this behavior is gone.
See also: https://bugzilla.novell.com/show_bug.cgi?id=239698
Signed-off-by: Egbert Eich <eich@freedesktop.org>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| | |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Handle arbitrary length data in the same fashion as other calls,
avoiding need to ensure it fits all in the request buffer.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Two users of GetReqExtra pass arbitrarily sized allocations from the
caller (ModMap and Host). Adjust _XGetRequest() (called by the GetReqExtra
macro) to double-check the requested length and invalidate "req" when
this happens. Users of GetReqExtra passing lengths greater than the Xlib
buffer size (normally 16K) must check "req" and fail gracefully instead
of crashing.
Any callers of GetReqExtra that do not check "req" for NULL
will experience this change, in the pathological case, as a NULL
dereference instead of a buffer overflow. This is an improvement, but
the documentation for GetReqExtra has been updated to reflect the need
to check the value of "req" after the call.
Bug that manifested the problem:
https://bugs.launchpad.net/ubuntu/+source/x11-xserver-utils/+bug/792628
Signed-off-by: Kees Cook <kees@outflux.net>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|