[PATCH] xkb: Fix use of uninitalised memory upon second keyboard init
Benjamin Close
Benjamin.Close at clearchain.com
Wed Feb 25 21:52:56 PST 2009
When allocating a second keyboard structure xkbGetRulesDflt
is called to get the defaults for rmlvo.
With the second keyboard instance these defaults
were the values previously allocated in the first call to
XkbSetRulesDflt; rmlvo is then assigned this value.
rmlvo is then passed into InitKeyboardDeviceStruct which in turn
calls xkbSetRulesDflt. xkbSetRulesDflts did:
if( xkbRulesDflt )
_XkbFree(XkbRulesDflt);
XkbRulesDflt= (rmlvo->rules?_XkbDupString(rmlvo->rules):NULL);
Problem was by freeing XkbRulesDflt, rmlvo->rules was also freed
hence the dup returned bogus data.
Fix this problem for both the Dflts and the Used cases.
Signed-off-by: Benjamin Close <Benjamin.Close at clearchain.com>
---
xkb/xkbInit.c | 54 ++++++++++++++++++++++++++++++++++--------------------
1 files changed, 34 insertions(+), 20 deletions(-)
diff --git a/xkb/xkbInit.c b/xkb/xkbInit.c
index 1f5f8dc..770c980 100644
--- a/xkb/xkbInit.c
+++ b/xkb/xkbInit.c
@@ -193,21 +193,28 @@ char * pval;
static void
XkbSetRulesUsed(XkbRMLVOSet *rmlvo)
{
- if (XkbRulesUsed)
- _XkbFree(XkbRulesUsed);
+ char *temp;
+
+ temp = XkbRulesUsed;
XkbRulesUsed= (rmlvo->rules?_XkbDupString(rmlvo->rules):NULL);
- if (XkbModelUsed)
- _XkbFree(XkbModelUsed);
+ if (temp)
+ _XkbFree(temp);
+ temp = XkbModelUsed;
XkbModelUsed= (rmlvo->model?_XkbDupString(rmlvo->model):NULL);
- if (XkbLayoutUsed)
- _XkbFree(XkbLayoutUsed);
+ if (temp)
+ _XkbFree(temp);
+ temp = XkbLayoutUsed;
XkbLayoutUsed= (rmlvo->layout?_XkbDupString(rmlvo->layout):NULL);
- if (XkbVariantUsed)
- _XkbFree(XkbVariantUsed);
+ if (temp)
+ _XkbFree(temp);
+ temp = XkbVariantUsed;
XkbVariantUsed= (rmlvo->variant?_XkbDupString(rmlvo->variant):NULL);
- if (XkbOptionsUsed)
- _XkbFree(XkbOptionsUsed);
+ if (temp)
+ _XkbFree(temp);
+ temp = XkbOptionsUsed;
XkbOptionsUsed= (rmlvo->options?_XkbDupString(rmlvo->options):NULL);
+ if (temp)
+ _XkbFree(temp);
if (XkbWantRulesProp)
QueueWorkProc(XkbWriteRulesProp,NULL,NULL);
return;
@@ -216,30 +223,37 @@ XkbSetRulesUsed(XkbRMLVOSet *rmlvo)
void
XkbSetRulesDflts(XkbRMLVOSet *rmlvo)
{
+ char *temp;
+
if (rmlvo->rules) {
- if (XkbRulesDflt)
- _XkbFree(XkbRulesDflt);
+ temp = XkbRulesDflt;
XkbRulesDflt= _XkbDupString(rmlvo->rules);
+ if (temp)
+ _XkbFree(temp);
}
if (rmlvo->model) {
- if (XkbModelDflt)
- _XkbFree(XkbModelDflt);
+ temp = XkbModelDflt;
XkbModelDflt= _XkbDupString(rmlvo->model);
+ if (temp)
+ _XkbFree(temp);
}
if (rmlvo->layout) {
- if (XkbLayoutDflt)
- _XkbFree(XkbLayoutDflt);
+ temp = XkbLayoutDflt;
XkbLayoutDflt= _XkbDupString(rmlvo->layout);
+ if (temp)
+ _XkbFree(temp);
}
if (rmlvo->variant) {
- if (XkbVariantDflt)
- _XkbFree(XkbVariantDflt);
+ temp = XkbVariantDflt;
XkbVariantDflt= _XkbDupString(rmlvo->variant);
+ if (temp)
+ _XkbFree(temp);
}
if (rmlvo->options) {
- if (XkbOptionsDflt)
- _XkbFree(XkbOptionsDflt);
+ temp = XkbOptionsDflt;
XkbOptionsDflt= _XkbDupString(rmlvo->options);
+ if (temp)
+ _XkbFree(temp);
}
return;
}
--
1.6.0.2
More information about the xorg-devel
mailing list