[Xcb] [Bug 19137] New: unchecked malloc in _XConnectXCB would crash

Wed Dec 17 07:07:37 PST 2008

http://bugs.freedesktop.org/show_bug.cgi?id=19137

           Summary: unchecked malloc in _XConnectXCB would crash
           Product: XCB
           Version: 1.1
          Platform: Other
               URL: http://mxr.maemo.org/diablo/source/libx11-
                    1.1.1/src/xcb_disp.c?mark=70-71#52
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Library
        AssignedTo: xcb at lists.freedesktop.org
        ReportedBy: timeless at gmail.com

http://www.google.com/codesearch?hl=en&q=_XConnectXCB+show:Msehaq5JPo8:IlPxvTnbrRo:uM-ph63AD7E&sa=N&cd=1&ct=rc&cs_p=http://ftp.osuosl.org/pub/nslu2/sources/x11-6.2.1%2Bcvs20050209.tar.gz&cs_f=X11/src/xcl/display.c#l79

please excuse the code reference if it isn't current.

my starting point was this:
http://mxr.maemo.org/diablo/source/libx11-1.1.1/src/xcb_disp.c?mark=70-71#52

and i tried to find an lxr for upstream, but failed, i've pinged daniels about
helping.

int _XConnectXCB(Display *dpy, _Xconst char *display, char **fullnamep, int
*screenp)
...
        dpy->xcl = Xcalloc(1, sizeof(XCLPrivate));
        if(!dpy->xcl)
                return 0;
-- so, you do check allocs --
                *fullnamep = Xmalloc(len);
-- you didn't check this alloc --
                snprintf(*fullnamep, len, "%s:%d.%d", host, n, *screenp);
-- this will crash --

I don't understand the xcb versioning, so please excuse me if i got it wrong.

-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.