From 8ff526111bfc6ca8d2384c4d4962b8e8ff3621f9 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Fri, 4 Jun 2010 13:20:17 -0700
Subject: LINEAR_RGB_InitSCCData: When malloc fails, don't try to free unallocated bits
One of the malloc failure checks had a goto to the wrong spot in the list of cleanup free() calls to unwind at the end, and was freeing bits that hadn't been initialized/allocated yet, since they would be stored in the struct that just failed to be allocated. Error: Null pointer dereference (CWE 476) Read from pointer that could be constant 'NULL' at line 805 of /export/alanc/X.Org/sx86/lib/libX11/nx-X11/lib/X11/LRGB.c in function 'LINEAR_RGB_InitSCCData'. Pointer checked against constant 'NULL' at line 754 but does not protect the dereference. [ This bug was found by the Parfait bug checking tool. For more information see http://research.sun.com/projects/parfait ]
Signed-off-by: Alan Coopersmith
Backported-to-NX-by: Ulrich Sibiller
---
nx-X11/lib/X11/LRGB.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'nx-X11/lib/X11/LRGB.c')
diff --git a/nx-X11/lib/X11/LRGB.c b/nx-X11/lib/X11/LRGB.c
index dbdddb457..bc1bfd92b 100644
--- a/nx-X11/lib/X11/LRGB.c
+++ b/nx-X11/lib/X11/LRGB.c
@@ -753,7 +753,7 @@ LINEAR_RGB_InitSCCData(
 /* Blue Intensity Table */
 if (!(pScreenData->pBlueTbl = (IntensityTbl *) Xcalloc (1, sizeof(IntensityTbl)))) {
- goto FreeBlueTblElements;
+ goto FreeGreenTblElements;
 }
 if (_XcmsGetTableType1(pScreenData->pBlueTbl, format_return, &pChar, &nitems) == XcmsFailure) {
-- cgit v1.2.3
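Review bot: The corrected `goto FreeGreenTblElements;` has no comment explaining why a failed blue-table allocation unwinds from the green label, and that off-by-one label choice is exactly what caused the NULL dereference (CWE 476) described in the commit message. I would add `/* pBlueTbl is NULL here, so start unwinding at the green table */` directly above the goto. The cleanup labels and the rest of LINEAR_RGB_InitSCCData lie outside this hunk, so it cannot be confirmed from here that FreeGreenTblElements releases the green and red tables in the right order. If the function has parallel allocation checks for the red and green tables, or for another table format, each failed `Xcalloc` should be checked to confirm it jumps to the label of the last table that was fully allocated.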