From e2f5d079ddb22a10a52731330309cd5c32128c21 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Sat, 4 Jul 2015 00:11:59 +0200 Subject: nx-X11: Backport: RRModeCreate: plug memory leak of newModes if AddResource fails Reported by parfait 1.0: Error: Memory leak (CWE 401) Memory leak of pointer 'newModes' allocated with realloc(((char*)modes), ((num_modes + 1) * 8)) at line 93 of randr/rrmode.c in function 'RRModeCreate'. pointer allocated at line 82 with realloc(((char*)modes), ((num_modes + 1) * 8)). Error: Memory leak (CWE 401) Memory leak of pointer 'newModes' allocated with malloc(8) at line 93 of randr/rrmode.c in function 'RRModeCreate'. pointer allocated at line 84 with malloc(8). Signed-off-by: Alan Coopersmith Reviewed-by: Keith Packard Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan) --- debian/changelog | 6 ++++ ...deCreate-plug-memory-leak-of-newMode.full.patch | 42 ++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 49 insertions(+) create mode 100644 debian/patches/1255_nx-X11_RRModeCreate-plug-memory-leak-of-newMode.full.patch diff --git a/debian/changelog b/debian/changelog index 7b82e2d3a..62a064cbb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -293,6 +293,12 @@ nx-libs (2:3.5.0.32-0x2go1) UNRELEASED; urgency=low v3: backport to nx-libs 3.5.0.x (Mihai Moldovan) Adds: - 1254_nx-X11_randr-fix-server-crash-in-RRGetScreenInf.full.patch + * nx-X11: RRModeCreate: plug memory leak of newModes if AddResource fails + Backported from Arctica GH 3.6.x branch. + v2: backport to nx-libs 3.6.x (Ulrich Sibiller) + v3: backport to nx-libs 3.5.0.x (Mihai Moldovan) + Adds: + - 1255_nx-X11_RRModeCreate-plug-memory-leak-of-newMode.full.patch -- X2Go Release Manager Tue, 17 Mar 2015 19:19:32 +0100 diff --git a/debian/patches/1255_nx-X11_RRModeCreate-plug-memory-leak-of-newMode.full.patch b/debian/patches/1255_nx-X11_RRModeCreate-plug-memory-leak-of-newMode.full.patch new file mode 100644 index 000000000..f33dce9c2 --- /dev/null +++ b/debian/patches/1255_nx-X11_RRModeCreate-plug-memory-leak-of-newMode.full.patch @@ -0,0 +1,42 @@ +commit 0fc419314b3bbafa873207dafa57ce92b4b9e1e1 +Author: Alan Coopersmith +Date: Sat Jul 14 11:21:15 2012 -0700 + + Backport: RRModeCreate: plug memory leak of newModes if AddResource fails + + Reported by parfait 1.0: + + Error: Memory leak (CWE 401) + Memory leak of pointer 'newModes' allocated with realloc(((char*)modes), ((num_modes + 1) * 8)) + at line 93 of randr/rrmode.c in function 'RRModeCreate'. + pointer allocated at line 82 with realloc(((char*)modes), ((num_modes + 1) * 8)). + Error: Memory leak (CWE 401) + Memory leak of pointer 'newModes' allocated with malloc(8) + at line 93 of randr/rrmode.c in function 'RRModeCreate'. + pointer allocated at line 84 with malloc(8). + + Signed-off-by: Alan Coopersmith + Reviewed-by: Keith Packard + + Backported from Arctica GH 3.6.x branch. + + v2: backport to nx-libs 3.6.x (Ulrich Sibiller) + v3: backport to nx-libs 3.5.0.x (Mihai Moldovan) + +diff --git a/nx-X11/programs/Xserver/randr/rrmode.c b/nx-X11/programs/Xserver/randr/rrmode.c +index 09c0113..43ffe07 100644 +--- a/nx-X11/programs/Xserver/randr/rrmode.c ++++ b/nx-X11/programs/Xserver/randr/rrmode.c +@@ -98,8 +98,10 @@ RRModeCreate (xRRModeInfo *modeInfo, + } + + mode->mode.id = FakeClientID(0); +- if (!AddResource (mode->mode.id, RRModeType, (pointer) mode)) +- return NULL; ++ if (!AddResource(mode->mode.id, RRModeType, (pointer) mode)) { ++ free(newModes); ++ return NULL; ++ } + modes = newModes; + modes[num_modes++] = mode; + diff --git a/debian/patches/series b/debian/patches/series index 8169c803a..95e6985a9 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -141,6 +141,7 @@ 1252_nx-X11_Free-randr-crtc-and-output-pointer-array.full.patch 1253_nx-X11_randr-check-for-virtual-size-limits-befo.full.patch 1254_nx-X11_randr-fix-server-crash-in-RRGetScreenInf.full.patch +1255_nx-X11_RRModeCreate-plug-memory-leak-of-newMode.full.patch 9900-dxpc-license-history.full+lite.patch 0016_nx-X11_install-location.debian.patch 0102_xserver-xext_set-securitypolicy-path.debian.patch -- cgit v1.2.3