[PATCH wayland] server: fix potential memleak and NULL deref

U. Artie Eoff ullysses.a.eoff at intel.com
Mon May 5 16:28:26 PDT 2014


If for some reason errno is neither value (ENOMEM or
EINVAL), then prior to this patch, there would be a NULL
deref in wl_closure_lookup(...) at the "else if" conditional
when closure == NULL. Also, closure might not be NULL but still
fall into the block due to the wl_closure_lookup < 0 condition...
in that case, we need to destroy the closure to avoid a memory
leak.

Currently, wl_connection_demarshal only sets errno to ENOMEM
or EINVAL... we've already checked for ENOMEM so remove check
for EINVAL (just assume it).  Also, call wl_closure_destroy(...)
unconditionally in the "else if" block (assume it can handle
NULL closure, too, which it does right now).

Signed-off-by: U. Artie Eoff <ullysses.a.eoff at intel.com>
---
 src/wayland-server.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/wayland-server.c b/src/wayland-server.c
index f2b1b42..e850d48 100644
--- a/src/wayland-server.c
+++ b/src/wayland-server.c
@@ -313,7 +313,7 @@ wl_client_connection_data(int fd, uint32_t mask, void *data)
 		if (closure == NULL && errno == ENOMEM) {
 			wl_resource_post_no_memory(resource);
 			break;
-		} else if ((closure == NULL && errno == EINVAL) ||
+		} else if (closure == NULL ||
 			   wl_closure_lookup_objects(closure, &client->objects) < 0) {
 			wl_resource_post_error(client->display_resource,
 					       WL_DISPLAY_ERROR_INVALID_METHOD,
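Review bot: The new `closure == NULL ||` condition reports every non-ENOMEM demarshal failure as WL_DISPLAY_ERROR_INVALID_METHOD, but nothing in the code records the assumption that makes this correct. The commit message says wl_connection_demarshal currently sets errno only to ENOMEM or EINVAL; a short comment above the "else if" stating that would keep the next reader from having to rediscover it, and would flag this branch for review if demarshal ever gains another errno value. The short-circuit order is right: with `closure == NULL` tested first, wl_closure_lookup_objects is never called with a NULL closure.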
@@ -321,6 +321,7 @@ wl_client_connection_data(int fd, uint32_t mask, void *data)
 					       object->interface->name,
 					       object->id,
 					       message->name);
+			wl_closure_destroy(closure);
 			break;
 		}
 
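Review bot: The added `wl_closure_destroy(closure);` is reached with closure == NULL whenever the first half of the new condition is what fired, so this line depends on wl_closure_destroy accepting NULL. The commit message says it does "right now", but that contract is not visible in this file. Either guard the call with `if (closure)` here, or document NULL-tolerance on wl_closure_destroy itself so a later change to that function does not turn this error path into a crash. Placing the destroy after wl_resource_post_error is fine, since the error arguments shown come from object and message, not from the closure.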
-- 
1.9.0


