libXt: Changes to 'master'

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Mon Apr 22 00:17:15 UTC 2019 

 src/Event.c     |   17 +++++------------
 src/Intrinsic.c |   12 ++++++++----
 src/ResConfig.c |    1 +
 src/TMgrab.c    |   10 ++++++++--
 src/TMparse.c   |    6 +++++-
 5 files changed, 27 insertions(+), 19 deletions(-)

New commits:
commit ba4ec937680ee72f2fcd463752766340a4b3729d
Author: Benjamin Tissoires <benjamin.tissoires at gmail.com>
Date:   Thu Apr 11 17:21:17 2019 +0200

    Fix covscan complain
    
    covscan gets confused by the test before the XtFree.
    
    Error: RESOURCE_LEAK (CWE-772):
    libXt-20190411/src/Event.c:743: alloc_fn: Storage is returned from allocation function "__XtMalloc".
    libXt-20190411/src/Event.c:743: var_assign: Assigning: "proc" = storage returned from "__XtMalloc((Cardinal)((size_t)numprocs * 16UL))".
    libXt-20190411/src/Event.c:745: var_assign: Assigning: "closure" = "proc".
    libXt-20190411/src/Event.c:776: leaked_storage: Variable "closure" going out of scope leaks the storage it points to.
    libXt-20190411/src/Event.c:776: leaked_storage: Variable "proc" going out of scope leaks the storage it points to.
    
    Mixing static arrays and dynamic ones was a good idea
    in the 90s when malloc was expensive, but now, we should
    probably make the code clearer by just allocating the
    memory when needed.
    
    Signed-off-by: Benjamin Tissoires <benjamin.tissoires at gmail.com>

commit 6a7584e0337bb5cfec7f786231597f46c6d5fb16
Author: Benjamin Tissoires <benjamin.tissoires at gmail.com>
Date:   Thu Apr 11 17:27:12 2019 +0200

    dummy fix for covscan
    
    covscan seems lost here:
    
    Error: RESOURCE_LEAK (CWE-772):
    libXt-20190411/src/Intrinsic.c:1074: alloc_fn: Storage is returned from allocation function "__XtMalloc".
    libXt-20190411/src/Intrinsic.c:1074: var_assign: Assigning: "buf2" = storage returned from "__XtMalloc(4096U)".
    libXt-20190411/src/Intrinsic.c:1110: leaked_storage: Variable "buf2" going out of scope leaks the storage it points to.
    
    Error: USE_AFTER_FREE (CWE-416):
    libXt-20190411/src/Intrinsic.c:1113: alias: Assigning: "buf" = "buf2". Now both point to the same storage.
    libXt-20190411/src/Intrinsic.c:1108: freed_arg: "XtFree" frees "buf2".
    libXt-20190411/src/Intrinsic.c:1110: use_after_free: Using freed pointer "buf".
    
    Both are false positive, but we can make it understand where it
    is wrong.
    
    Signed-off-by: Benjamin Tissoires <benjamin.tissoires at gmail.com>

commit bca67f981dd3bcf730ac3816836b66049dd09f33
Author: Benjamin Tissoires <benjamin.tissoires at gmail.com>
Date:   Thu Apr 11 17:26:58 2019 +0200

    Fix leaks detected by covscan
    
    The following leaks are reported by covscan:
    
    Error: RESOURCE_LEAK (CWE-772):
    libXt-20190411/src/ResConfig.c:542: alloc_arg: "_get_part" allocates memory that is stored into "part".
    libXt-20190411/src/ResConfig.c:544: noescape: Resource "part" is not freed or pointed-to in "_match_resource_to_widget".
    libXt-20190411/src/ResConfig.c:560: leaked_storage: Variable "part" going out of scope leaks the storage it points to.
    
    Error: RESOURCE_LEAK (CWE-772):
    libXt-20190411/src/TMgrab.c:108: alloc_arg: "XtKeysymToKeycodeList" allocates memory that is stored into "keycodes".
    libXt-20190411/src/TMgrab.c:115: var_assign: Assigning: "keycodeP" = "keycodes".
    libXt-20190411/src/TMgrab.c:124: leaked_storage: Variable "keycodeP" going out of scope leaks the storage it points to.
    libXt-20190411/src/TMgrab.c:124: leaked_storage: Variable "keycodes" going out of scope leaks the storage it points to.
    
    Error: RESOURCE_LEAK (CWE-772):
    libXt-20190411/src/TMparse.c:1544: alloc_fn: Storage is returned from allocation function "XtMalloc".
    libXt-20190411/src/TMparse.c:1544: var_assign: Assigning: "event" = storage returned from "XtMalloc(88U)".
    libXt-20190411/src/TMparse.c:1549: noescape: Resource "event" is not freed or pointed-to in "ParseQuotedStringEvent".
    libXt-20190411/src/TMparse.c:1555: leaked_storage: Variable "event" going out of scope leaks the storage it points to.
    
    Error: RESOURCE_LEAK (CWE-772):
    libXt-20190411/src/TMparse.c:1779: alloc_fn: Storage is returned from allocation function "XtMalloc".
    libXt-20190411/src/TMparse.c:1779: var_assign: Assigning: "action" = storage returned from "XtMalloc(32U)".
    libXt-20190411/src/TMparse.c:1784: noescape: Resource "action" is not freed or pointed-to in "ParseAction".
    libXt-20190411/src/TMparse.c:1785: leaked_storage: Variable "action" going out of scope leaks the storage it points to.
    
    In addition to this legitimate leaks, covscan can get confused by
    the allocated memory in XtKeysymToKeycodeList:
    
    Error: RESOURCE_LEAK (CWE-772):
    libXt-20190411/src/TMgrab.c:108: alloc_arg: "XtKeysymToKeycodeList" allocates memory that is stored into "keycodes".
    libXt-20190411/src/TMgrab.c:114: leaked_storage: Variable "keycodes" going out of scope leaks the storage it points to.
    
    Signed-off-by: Benjamin Tissoires <benjamin.tissoires at gmail.com>

More information about the xorg-commit mailing list