[Spice-commits] 7 commits - common/backtrace.c common/lines.c common/lz_compress_tmpl.c common/quic.c common/ssl_verify.c common/ssl_verify.h
Christophe Fergau
teuf at kemper.freedesktop.org
Tue Jan 7 04:56:21 PST 2014
common/backtrace.c | 1 -
common/lines.c | 12 +++++-------
common/lz_compress_tmpl.c | 2 --
common/quic.c | 2 ++
common/ssl_verify.c | 20 +++++++++-----------
common/ssl_verify.h | 1 -
6 files changed, 16 insertions(+), 22 deletions(-)
New commits:
commit 6175014ed77be6d1acd6420e36ca6582b573532c
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Fri Jan 3 16:41:55 2014 +0100
ssl: Don't use uninitialized variable in verify_subject()
If verify_subject() is called with a SpiceOpenSSLVerify struct containing a
non-NULL 'in_subject' member, it would try to use the local 'in_entries'
variable without having initialized it first. This could happen if
verify_subject() was called multiple time with the same SpiceOpenSSLVerify
context, which probably isn't occurring the way we are using it.
However, since verify_subject() is the only method which needs in_subject,
we don't need to have it stored in SpiceOpenSSLVerify, and we can
recreate it as needed locally in that method, which avoids that issue.
diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index 8fdeaa0..a830800 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -357,6 +357,7 @@ fail:
static int verify_subject(X509* cert, SpiceOpenSSLVerify* verify)
{
X509_NAME *cert_subject = NULL;
+ X509_NAME* in_subject;
int ret;
int in_entries;
@@ -371,22 +372,21 @@ static int verify_subject(X509* cert, SpiceOpenSSLVerify* verify)
return 0;
}
- if (!verify->in_subject) {
- verify->in_subject = subject_to_x509_name(verify->subject, &in_entries);
- if (!verify->in_subject) {
- spice_debug("warning: no in_subject!");
- return 0;
- }
+ in_subject = subject_to_x509_name(verify->subject, &in_entries);
+ if (!in_subject) {
+ spice_debug("warning: no in_subject!");
+ return 0;
}
/* Note: this check is redundant with the pre-condition in X509_NAME_cmp */
if (X509_NAME_entry_count(cert_subject) != in_entries) {
spice_debug("subject mismatch: #entries cert=%d, input=%d",
X509_NAME_entry_count(cert_subject), in_entries);
+ X509_NAME_free(in_subject);
return 0;
}
- ret = X509_NAME_cmp(cert_subject, verify->in_subject);
+ ret = X509_NAME_cmp(cert_subject, in_subject);
if (ret == 0) {
spice_debug("subjects match");
@@ -398,10 +398,11 @@ static int verify_subject(X509* cert, SpiceOpenSSLVerify* verify)
spice_debug("cert_subject: %s", p);
free(p);
- p = X509_NAME_oneline(verify->in_subject, NULL, 0);
+ p = X509_NAME_oneline(in_subject, NULL, 0);
spice_debug("in_subject: %s", p);
free(p);
}
+ X509_NAME_free(in_subject);
return !ret;
}
@@ -533,9 +534,6 @@ void spice_openssl_verify_free(SpiceOpenSSLVerify* verify)
free(verify->subject);
free(verify->hostname);
- if (verify->in_subject)
- X509_NAME_free(verify->in_subject);
-
if (verify->ssl)
SSL_set_app_data(verify->ssl, NULL);
free(verify);
diff --git a/common/ssl_verify.h b/common/ssl_verify.h
index 37c123e..bfbd8a4 100644
--- a/common/ssl_verify.h
+++ b/common/ssl_verify.h
@@ -54,7 +54,6 @@ typedef struct {
char *pubkey;
size_t pubkey_size;
char *subject;
- X509_NAME *in_subject;
} SpiceOpenSSLVerify;
SpiceOpenSSLVerify* spice_openssl_verify_new(SSL *ssl, SPICE_SSL_VERIFY_OP verifyop,
commit a4f4ddf56c77f84fc41e1eac6fca23a0d9cc0e33
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Fri Jan 3 16:31:34 2014 +0100
mi: Fix shadow warnings
Based off a xserver commit from Yaakov Selkowitz:
http://cgit.freedesktop.org/xorg/xserver/commit/mi/mispans.c?id=f02e27e4fcc34413b2051e5a01edc92172fa8612
diff --git a/common/lines.c b/common/lines.c
index 5b26662..4f404f1 100644
--- a/common/lines.c
+++ b/common/lines.c
@@ -806,8 +806,6 @@ miFillUniqueSpanGroup (GCPtr pGC, SpanGroup * spanGroup, Boolean foreground)
newwidths = xrealloc (newspans->widths,
ysizes[index] * sizeof (int));
if (!newpoints || !newwidths) {
- int i;
-
for (i = 0; i < ylength; i++) {
xfree (yspans[i].points);
xfree (yspans[i].widths);
@@ -838,8 +836,6 @@ miFillUniqueSpanGroup (GCPtr pGC, SpanGroup * spanGroup, Boolean foreground)
points = (DDXPointRec*)xalloc (count * sizeof (DDXPointRec));
widths = (int *)xalloc (count * sizeof (int));
if (!points || !widths) {
- int i;
-
for (i = 0; i < ylength; i++) {
xfree (yspans[i].points);
xfree (yspans[i].widths);
commit ae39a05620706af3a3a6590baa66729ae6bde6e1
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Fri Jan 3 16:25:20 2014 +0100
mi: fix memory leak in miFillUniqueSpanGroup
This is based off the corresponding xserver commit from Tiago Vignatti:
http://cgit.freedesktop.org/xorg/xserver/commit/mi/mispans.c?id=7ae46b69ba3f05f46529131e6a864904967cde3a
Since xrealloc is #defined to spice_realloc which aborts on failure, this
block is dead code, but I prefer to stay as close as possible to the
upstream xserver code this is based on.
diff --git a/common/lines.c b/common/lines.c
index adf1479..5b26662 100644
--- a/common/lines.c
+++ b/common/lines.c
@@ -814,6 +814,8 @@ miFillUniqueSpanGroup (GCPtr pGC, SpanGroup * spanGroup, Boolean foreground)
}
xfree (yspans);
xfree (ysizes);
+ xfree (newpoints);
+ xfree (newwidths);
miDisposeSpanGroup (spanGroup);
return;
}
commit d8e49b71d4dcddc9f1bdf78e759d0d30a2e48934
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Fri Jan 3 16:21:55 2014 +0100
mi: Avoid stack smash when drawing dashed lines
Based off Peter Harris's xserver commit
http://cgit.freedesktop.org/xorg/xserver/commit/mi/miwideline.c?id=20c2a3bcb11b5baf564e2c73a477ba23f5ae2b10
diff --git a/common/lines.c b/common/lines.c
index 8b15e79..adf1479 100644
--- a/common/lines.c
+++ b/common/lines.c
@@ -2507,7 +2507,7 @@ miLineProjectingCap (GCPtr pGC, Boolean foreground,
{
int xorgi = 0, yorgi = 0;
int lw;
- PolyEdgeRec lefts[2], rights[2];
+ PolyEdgeRec lefts[4], rights[4];
int lefty, righty, topy, bottomy;
PolyEdgePtr left, right;
PolyEdgePtr top, bottom;
@@ -2665,7 +2665,7 @@ miWideSegment (GCPtr pGC,
PolyEdgePtr top, bottom;
int lefty, righty, topy, bottomy;
int signdx;
- PolyEdgeRec lefts[2], rights[2];
+ PolyEdgeRec lefts[4], rights[4];
LineFacePtr tface;
int lw = pGC->lineWidth;
@@ -2982,7 +2982,7 @@ miWideDashSegment (GCPtr pGC,
PolyVertexRec vertices[4];
PolyVertexRec saveRight = { 0 }, saveBottom;
PolySlopeRec slopes[4];
- PolyEdgeRec left[2], right[2];
+ PolyEdgeRec left[4], right[4];
LineFaceRec lcapFace, rcapFace;
int nleft, nright;
int h;
commit ead4b8810ad1e5d8c3dedbec940e7c7348d4fcdf
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Thu Jan 2 18:13:47 2014 +0100
quic: Add missing break; in switch/case
Unhandled values call an error callback, and then fall through the default:
case, which will call again the error callback. This commit adds some
break; after these cases to avoid this.
diff --git a/common/quic.c b/common/quic.c
index bcbf093..2cffde5 100644
--- a/common/quic.c
+++ b/common/quic.c
@@ -943,8 +943,10 @@ static void find_model_params(Encoder *encoder,
case 2: /* obsolete */
case 4: /* obsolete */
encoder->usr->error(encoder->usr, "findmodelparams(): evol value obsolete!!!\n");
+ break;
default:
encoder->usr->error(encoder->usr, "findmodelparams(): evol out of range!!!\n");
+ break;
}
*nbuckets = 0;
commit 793e5d0350c953c3f2a1177cac158e0a80c220a6
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Thu Jan 2 18:09:26 2014 +0100
backtrace: Don't attempt to call seteuid(0)
We are mostly likely not running as root, so this call will fail. As we are
supposed to check its return value as it's declared with
warn_unused_result, the current way of using it is wrong, so this commit just
removes the call.
diff --git a/common/backtrace.c b/common/backtrace.c
index 305bbad..1b7fab3 100644
--- a/common/backtrace.c
+++ b/common/backtrace.c
@@ -78,7 +78,6 @@ static int spice_backtrace_gstack(void)
/* CHILD */
char parent[16];
- seteuid(0);
close(STDIN_FILENO);
close(STDOUT_FILENO);
dup2(pipefd[1],STDOUT_FILENO);
commit 6674e1c136774243ff08f07a26e2ae02c260bbd1
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Thu Jan 2 18:08:57 2014 +0100
Remove unused variable
It was assigned a value, but then the value was never used.
diff --git a/common/lz_compress_tmpl.c b/common/lz_compress_tmpl.c
index 2b66833..b5d0049 100644
--- a/common/lz_compress_tmpl.c
+++ b/common/lz_compress_tmpl.c
@@ -479,11 +479,9 @@ static void FNAME(compress)(Encoder *encoder)
LzImageSegment *cur_seg = encoder->head_image_segs;
HashEntry *hslot;
PIXEL *ip;
- PIXEL *ip_start;
// fetch the first image segment that is not too small
while (cur_seg && ((((PIXEL *)cur_seg->lines_end) - ((PIXEL *)cur_seg->lines)) < 4)) {
- ip_start = (PIXEL *)cur_seg->lines;
// coping the segment
if (cur_seg->lines != cur_seg->lines_end) {
ip = (PIXEL *)cur_seg->lines;
More information about the Spice-commits
mailing list