[PATCH] xserver: Avoid sending uninitialized padding data over the network
Peter Hutterer
peter.hutterer at who-t.net
Wed Feb 11 14:01:24 PST 2009
On Wed, Feb 11, 2009 at 06:00:27PM +0100, Peter Åstrand wrote:
> This patch is in spirit similar to the recent libXfont patch (commit
> 04ced93e997b185b5d9124cacc96fa39a77b2ab7 ), but for the xserver instead.
> The patch is most likely not complete: I haven't exercised every
> operation. With the patch, however, I can launch the xserver, xterm,
> metacity plus Firefox, without a single Valgrind 3.4.0 warning.
Thanks for the patch.
There's a nitpick and it's arguably personal preference: please shift the
memsets for reply handling down to happen before, well, the reply handling.
Take the example of the GetModifierMapping handling:
int
ProcGetModifierMapping(ClientPtr client)
{
xGetModifierMappingReply rep;
int ret, max_keys_per_mod = 0;
KeyCode *modkeymap = NULL;
REQUEST_SIZE_MATCH(xReq);
ret = generate_modkeymap(client, PickKeyboard(client), &modkeymap,
&max_keys_per_mod);
if (ret != Success)
return ret;
<<<< MEMSET HERE
rep.type = X_Reply;
rep.numKeyPerModifier = max_keys_per_mod;
...
IMO, it improves readability and it saves memsets when we return early anyway.
Cheers,
Peter
> From 298847be7f1af550b83c13baab07fa97b4a95f78 Mon Sep 17 00:00:00 2001
> From: Peter Astrand <astrand at maggie.lkpg.cendio.se>
> Date: Wed, 11 Feb 2009 17:51:25 +0100
> Subject: [PATCH] Avoid sending uninitialized padding data over the network. Besides
> cluttering Valgrind output, this might also be an information leak.
>
> Signed-off-by: Peter Astrand <astrand at cendio.se>
> ---
> Xext/bigreq.c | 1 +
> Xext/shape.c | 2 ++
> Xext/shm.c | 1 +
> Xext/sync.c | 1 +
> Xi/getvers.c | 1 +
> Xi/listdev.c | 3 ++-
> Xi/opendev.c | 1 +
> dix/devices.c | 2 ++
> dix/dispatch.c | 18 ++++++++++++++----
> dix/dixfonts.c | 2 ++
> dix/events.c | 10 ++++++++++
> dix/extension.c | 2 ++
> dix/main.c | 4 ++++
> dix/property.c | 2 ++
> dix/selection.c | 2 ++
> dix/window.c | 10 ++++++++++
> mi/miexpose.c | 3 ++-
> randr/rrxinerama.c | 1 +
> render/render.c | 3 ++-
> xfixes/select.c | 1 +
> xfixes/xfixes.c | 1 +
> xkb/xkb.c | 5 ++++-
> xkb/xkbEvents.c | 6 ++++++
> xkb/xkbUtils.c | 1 +
> 24 files changed, 75 insertions(+), 8 deletions(-)
>
> diff --git a/Xext/bigreq.c b/Xext/bigreq.c
> index 8857df3..1cd238b 100644
> --- a/Xext/bigreq.c
> +++ b/Xext/bigreq.c
> @@ -57,6 +57,7 @@ ProcBigReqDispatch (ClientPtr client)
> xBigReqEnableReply rep;
> int n;
>
> + memset(&rep, 0, sizeof(xBigReqEnableReply));
> if (client->swapped) {
> swaps(&stuff->length, n);
> }
> diff --git a/Xext/shape.c b/Xext/shape.c
> index fbf8f8c..46d7494 100644
> --- a/Xext/shape.c
> +++ b/Xext/shape.c
> @@ -255,6 +255,7 @@ ProcShapeQueryVersion (ClientPtr client)
> xShapeQueryVersionReply rep;
> int n;
>
> + memset(&rep, 0, sizeof(xShapeQueryVersionReply));
> REQUEST_SIZE_MATCH (xShapeQueryVersionReq);
> rep.type = X_Reply;
> rep.length = 0;
> @@ -678,6 +679,7 @@ ProcShapeQueryExtents (ClientPtr client)
> int n, rc;
> RegionPtr region;
>
> + memset(&rep, 0, sizeof(xShapeQueryExtentsReply));
> REQUEST_SIZE_MATCH (xShapeQueryExtentsReq);
> rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
> if (rc != Success)
> diff --git a/Xext/shm.c b/Xext/shm.c
> index 7b63484..b94b878 100644
> --- a/Xext/shm.c
> +++ b/Xext/shm.c
> @@ -308,6 +308,7 @@ ProcShmQueryVersion(ClientPtr client)
> xShmQueryVersionReply rep;
> int n;
>
> + memset(&rep, 0, sizeof(xShmQueryVersionReply));
> REQUEST_SIZE_MATCH(xShmQueryVersionReq);
> rep.type = X_Reply;
> rep.length = 0;
> diff --git a/Xext/sync.c b/Xext/sync.c
> index 9236fab..7ce3ba6 100644
> --- a/Xext/sync.c
> +++ b/Xext/sync.c
> @@ -1142,6 +1142,7 @@ ProcSyncInitialize(ClientPtr client)
> xSyncInitializeReply rep;
> int n;
>
> + memset(&rep, 0, sizeof(xSyncInitializeReply));
> REQUEST_SIZE_MATCH(xSyncInitializeReq);
>
> rep.type = X_Reply;
> diff --git a/Xi/getvers.c b/Xi/getvers.c
> index f8fd56e..9a9129d 100644
> --- a/Xi/getvers.c
> +++ b/Xi/getvers.c
> @@ -97,6 +97,7 @@ ProcXGetExtensionVersion(ClientPtr client)
> REQUEST(xGetExtensionVersionReq);
> REQUEST_AT_LEAST_SIZE(xGetExtensionVersionReq);
>
> + memset(&rep, 0, sizeof(xGetExtensionVersionReply));
> if (stuff->length != (sizeof(xGetExtensionVersionReq) +
> stuff->nbytes + 3) >> 2)
> return BadLength;
> diff --git a/Xi/listdev.c b/Xi/listdev.c
> index 9a5a189..48c1e05 100644
> --- a/Xi/listdev.c
> +++ b/Xi/listdev.c
> @@ -338,6 +338,7 @@ ProcXListInputDevices(ClientPtr client)
>
> REQUEST_SIZE_MATCH(xListInputDevicesReq);
>
> + memset(&rep, 0, sizeof(xListInputDevicesReply));
> rep.repType = X_Reply;
> rep.RepType = X_ListInputDevices;
> rep.length = 0;
> @@ -379,7 +380,7 @@ ProcXListInputDevices(ClientPtr client)
> }
>
> total_length = numdevs * sizeof(xDeviceInfo) + size + namesize;
> - devbuf = (char *)xalloc(total_length);
> + devbuf = (char *)xcalloc(1, total_length);
> classbuf = devbuf + (numdevs * sizeof(xDeviceInfo));
> namebuf = classbuf + size;
> savbuf = devbuf;
> diff --git a/Xi/opendev.c b/Xi/opendev.c
> index 41edb0f..3965a4d 100644
> --- a/Xi/opendev.c
> +++ b/Xi/opendev.c
> @@ -101,6 +101,7 @@ ProcXOpenDevice(ClientPtr client)
>
> REQUEST(xOpenDeviceReq);
> REQUEST_SIZE_MATCH(xOpenDeviceReq);
> + memset(&rep, 0, sizeof(xOpenDeviceReply));
>
> status = dixLookupDevice(&dev, stuff->deviceid, client, DixUseAccess);
>
> diff --git a/dix/devices.c b/dix/devices.c
> index 934e695..c80fb98 100644
> --- a/dix/devices.c
> +++ b/dix/devices.c
> @@ -1461,6 +1461,7 @@ ProcGetModifierMapping(ClientPtr client)
> KeyCode *modkeymap = NULL;
> REQUEST_SIZE_MATCH(xReq);
>
> + memset(&rep, 0, sizeof(xGetModifierMappingReply));
> ret = generate_modkeymap(client, PickKeyboard(client), &modkeymap,
> &max_keys_per_mod);
> if (ret != Success)
> @@ -1601,6 +1602,7 @@ ProcGetKeyboardMapping(ClientPtr client)
> REQUEST(xGetKeyboardMappingReq);
> REQUEST_SIZE_MATCH(xGetKeyboardMappingReq);
>
> + memset(&rep, 0, sizeof(xGetKeyboardMappingReply));
> rc = XaceHook(XACE_DEVICE_ACCESS, client, kbd, DixGetAttrAccess);
> if (rc != Success)
> return rc;
> diff --git a/dix/dispatch.c b/dix/dispatch.c
> index b06f4aa..a1c382a 100644
> --- a/dix/dispatch.c
> +++ b/dix/dispatch.c
> @@ -548,6 +548,7 @@ ProcGetWindowAttributes(ClientPtr client)
> xGetWindowAttributesReply wa;
> int rc;
>
> + memset(&wa, 0, sizeof(xGetWindowAttributesReply));
> REQUEST_SIZE_MATCH(xResourceReq);
> rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
> if (rc != Success)
> @@ -813,6 +814,7 @@ ProcGetGeometry(ClientPtr client)
> xGetGeometryReply rep;
> int status;
>
> + memset(&rep, 0, sizeof(xGetGeometryReply));
> if ((status = GetGeometry(client, &rep)) != Success)
> return status;
>
> @@ -830,6 +832,7 @@ ProcQueryTree(ClientPtr client)
> Window *childIDs = (Window *)NULL;
> REQUEST(xResourceReq);
>
> + memset(&reply, 0, sizeof(xQueryTreeReply));
> REQUEST_SIZE_MATCH(xResourceReq);
> rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess);
> if (rc != Success)
> @@ -887,6 +890,7 @@ ProcInternAtom(ClientPtr client)
> if (atom != BAD_RESOURCE)
> {
> xInternAtomReply reply;
> + memset(&reply, 0, sizeof(xInternAtomReply));
> reply.type = X_Reply;
> reply.length = 0;
> reply.sequenceNumber = client->sequence;
> @@ -906,6 +910,7 @@ ProcGetAtomName(ClientPtr client)
> int len;
> REQUEST(xResourceReq);
>
> + memset(&reply, 0, sizeof(xGetAtomNameReply));
> REQUEST_SIZE_MATCH(xResourceReq);
> if ( (str = NameForAtom(stuff->id)) )
> {
> @@ -999,6 +1004,7 @@ ProcTranslateCoords(ClientPtr client)
> xTranslateCoordsReply rep;
> int rc;
>
> + memset(&rep, 0, sizeof(xTranslateCoordsReply));
> REQUEST_SIZE_MATCH(xTranslateCoordsReq);
> rc = dixLookupWindow(&pWin, stuff->srcWid, client, DixGetAttrAccess);
> if (rc != Success)
> @@ -1142,7 +1148,7 @@ ProcQueryFont(ClientPtr client)
> rlength = sizeof(xQueryFontReply) +
> FONTINFONPROPS(FONTCHARSET(pFont)) * sizeof(xFontProp) +
> nprotoxcistructs * sizeof(xCharInfo);
> - reply = xalloc(rlength);
> + reply = xcalloc(1, rlength);
> if(!reply)
> {
> return(BadAlloc);
> @@ -1910,6 +1916,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
> xGetImageReply xgi;
> RegionPtr pVisibleRegion = NULL;
>
> + memset(&xgi, 0, sizeof(xGetImageReply));
> if ((format != XYPixmap) && (format != ZPixmap))
> {
> client->errorValue = format;
> @@ -1970,7 +1977,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
> xgi.length = length;
>
> if (im_return) {
> - pBuf = xalloc(sz_xGetImageReply + length);
> + pBuf = xcalloc(1, sz_xGetImageReply + length);
> if (!pBuf)
> return (BadAlloc);
> if (widthBytesLine == 0)
> @@ -2008,7 +2015,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
> length += widthBytesLine;
> }
> }
> - if(!(pBuf = xalloc(length)))
> + if(!(pBuf = xcalloc(1, length)))
> return (BadAlloc);
> WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
> }
> @@ -2745,8 +2752,9 @@ ProcQueryColors(ClientPtr client)
> xrgb *prgbs;
> xQueryColorsReply qcr;
>
> + memset(&qcr, 0, sizeof(xQueryColorsReply));
> count = ((client->req_len << 2) - sizeof(xQueryColorsReq)) >> 2;
> - prgbs = xalloc(count * sizeof(xrgb));
> + prgbs = xcalloc(1, count * sizeof(xrgb));
> if(!prgbs && count)
> return(BadAlloc);
> if( (rc = QueryColors(pcmp, count, (Pixel *)&stuff[1], prgbs)) )
> @@ -2967,6 +2975,7 @@ ProcQueryBestSize (ClientPtr client)
> REQUEST(xQueryBestSizeReq);
> REQUEST_SIZE_MATCH(xQueryBestSizeReq);
>
> + memset(&reply, 0, sizeof(xQueryBestSizeReply));
> if ((stuff->class != CursorShape) &&
> (stuff->class != TileShape) &&
> (stuff->class != StippleShape))
> @@ -3700,6 +3709,7 @@ SendErrorToClient(ClientPtr client, unsigned majorCode, unsigned minorCode,
> {
> xError rep;
>
> + memset(&rep, 0, sizeof(xError));
> rep.type = X_Error;
> rep.sequenceNumber = client->sequence;
> rep.errorCode = errorCode;
> diff --git a/dix/dixfonts.c b/dix/dixfonts.c
> index 9f596e8..9bdeebf 100644
> --- a/dix/dixfonts.c
> +++ b/dix/dixfonts.c
> @@ -598,6 +598,7 @@ doListFontsAndAliases(ClientPtr client, LFclosurePtr c)
> char *bufferStart;
> int aliascount = 0;
>
> + memset(&reply, 0, sizeof(xListFontsReply));
> if (client->clientGone)
> {
> if (c->current.current_fpe < c->num_fpes)
> @@ -1048,6 +1049,7 @@ doListFontsWithInfo(ClientPtr client, LFWIclosurePtr c)
> err = AllocError;
> break;
> }
> + memset(reply + c->length, 0, length - c->length);
> c->reply = reply;
> c->length = length;
> }
> diff --git a/dix/events.c b/dix/events.c
> index 0db2d6a..21772ad 100644
> --- a/dix/events.c
> +++ b/dix/events.c
> @@ -2229,6 +2229,7 @@ DeliverDeviceEvents(WindowPtr pWin, xEvent *xE, GrabPtr grab,
> int mskidx = dev->id;
> xEvent core;
>
> + memset(&core, 0, sizeof(xEvent));
> if (XaceHook(XACE_SEND_ACCESS, NULL, dev, pWin, xE, count))
> return 0;
>
> @@ -3373,6 +3374,7 @@ DeliverFocusedEvent(DeviceIntPtr keybd, xEvent *xE, WindowPtr window, int count)
> xEvent core;
> int deliveries = 0;
>
> + memset(&core, 0, sizeof(xEvent));
> if (focus == FollowKeyboardWin)
> focus = inputInfo.keyboard->focus->win;
> if (!focus)
> @@ -3434,6 +3436,7 @@ DeliverGrabbedEvent(xEvent *xE, DeviceIntPtr thisDev,
> SpritePtr pSprite = thisDev->spriteInfo->sprite;
> BOOL sendCore = FALSE;
>
> + memset(&core, 0, sizeof(xEvent));
> grabinfo = &thisDev->deviceGrab;
> grab = grabinfo->grab;
>
> @@ -3853,6 +3856,7 @@ CoreEnterLeaveEvent(
> GrabPtr grab = mouse->deviceGrab.grab;
> Mask mask;
>
> + memset(&event, 0, sizeof(xEvent));
> keybd = GetPairedDevice(mouse);
>
> if ((pWin == mouse->valuator->motionHintWindow) &&
> @@ -3939,6 +3943,7 @@ DeviceEnterLeaveEvent(
> DeviceIntPtr keybd = GetPairedDevice(mouse);
> BOOL sameScreen;
>
> + memset(&event, 0, sizeof(xEvent));
> if (grab) {
> mask = (pWin == grab->window) ? grab->eventMask : 0;
> if (grab->ownerEvents)
> @@ -3990,6 +3995,7 @@ CoreFocusEvent(DeviceIntPtr dev, int type, int mode, int detail, WindowPtr pWin)
> {
> xEvent event;
>
> + memset(&event, 0, sizeof(xEvent));
> event.u.focus.mode = mode;
> event.u.u.type = type;
> event.u.u.detail = detail;
> @@ -4149,6 +4155,7 @@ ProcGetInputFocus(ClientPtr client)
> /* REQUEST(xReq); */
> REQUEST_SIZE_MATCH(xReq);
>
> + memset(&rep, 0, sizeof(xGetInputFocusReply));
> rc = XaceHook(XACE_DEVICE_ACCESS, client, kbd, DixGetFocusAccess);
> if (rc != Success)
> return rc;
> @@ -4185,6 +4192,7 @@ ProcGrabPointer(ClientPtr client)
> Mask access_mode = DixGrabAccess;
> int rc;
>
> + memset(&rep, 0, sizeof(xGrabPointerReply));
> REQUEST_SIZE_MATCH(xGrabPointerReq);
> UpdateCurrentTime();
> if ((stuff->pointerMode != GrabModeSync) &&
> @@ -4488,6 +4496,7 @@ ProcGrabKeyboard(ClientPtr client)
> int result;
> DeviceIntPtr keyboard = PickKeyboard(client);
>
> + memset(&rep, 0, sizeof(xGrabKeyboardReply));
> REQUEST_SIZE_MATCH(xGrabKeyboardReq);
>
> result = GrabDevice(client, keyboard, stuff->keyboardMode,
> @@ -4547,6 +4556,7 @@ ProcQueryPointer(ClientPtr client)
> REQUEST(xResourceReq);
> REQUEST_SIZE_MATCH(xResourceReq);
>
> + memset(&rep, 0, sizeof(xQueryPointerReply));
> rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
> if (rc != Success)
> return rc;
> diff --git a/dix/extension.c b/dix/extension.c
> index 330fd28..6b92e56 100644
> --- a/dix/extension.c
> +++ b/dix/extension.c
> @@ -268,6 +268,7 @@ ProcQueryExtension(ClientPtr client)
>
> REQUEST_FIXED_SIZE(xQueryExtensionReq, stuff->nbytes);
>
> + memset(&reply, 0, sizeof(xQueryExtensionReply));
> reply.type = X_Reply;
> reply.length = 0;
> reply.major_opcode = 0;
> @@ -301,6 +302,7 @@ ProcListExtensions(ClientPtr client)
>
> REQUEST_SIZE_MATCH(xReq);
>
> + memset(&reply, 0, sizeof(xListExtensionsReply));
> reply.type = X_Reply;
> reply.nExtensions = 0;
> reply.length = 0;
> diff --git a/dix/main.c b/dix/main.c
> index 3c25e2e..ec236d8 100644
> --- a/dix/main.c
> +++ b/dix/main.c
> @@ -491,6 +491,7 @@ CreateConnectionBlock(void)
> char *pBuf;
>
>
> + memset(&setup, 0, sizeof(xConnSetup));
> /* Leave off the ridBase and ridMask, these must be sent with
> connection */
>
> @@ -531,6 +532,7 @@ CreateConnectionBlock(void)
> while (--i >= 0)
> *pBuf++ = 0;
>
> + memset(&format, 0, sizeof(xPixmapFormat));
> for (i=0; i<screenInfo.numPixmapFormats; i++)
> {
> format.depth = screenInfo.formats[i].depth;
> @@ -542,6 +544,8 @@ CreateConnectionBlock(void)
> }
>
> connBlockScreenStart = sizesofar;
> + memset(&depth, 0, sizeof(xDepth));
> + memset(&visual, 0, sizeof(xVisualType));
> for (i=0; i<screenInfo.numScreens; i++)
> {
> ScreenPtr pScreen;
> diff --git a/dix/property.c b/dix/property.c
> index 5bf4232..0fa6381 100644
> --- a/dix/property.c
> +++ b/dix/property.c
> @@ -111,6 +111,7 @@ deliverPropertyNotifyEvent(WindowPtr pWin, int state, Atom atom)
> {
> xEvent event;
>
> + memset(&event, 0, sizeof(xEvent));
> event.u.u.type = PropertyNotify;
> event.u.property.window = pWin->drawable.id;
> event.u.property.state = state;
> @@ -453,6 +454,7 @@ ProcGetProperty(ClientPtr client)
> Mask win_mode = DixGetPropAccess, prop_mode = DixReadAccess;
> REQUEST(xGetPropertyReq);
>
> + memset(&reply, 0, sizeof(xGetPropertyReply));
> REQUEST_SIZE_MATCH(xGetPropertyReq);
> if (stuff->delete) {
> UpdateCurrentTime();
> diff --git a/dix/selection.c b/dix/selection.c
> index 1fd0d21..89a715b 100644
> --- a/dix/selection.c
> +++ b/dix/selection.c
> @@ -235,6 +235,7 @@ ProcGetSelectionOwner(ClientPtr client)
> Selection *pSel;
> xGetSelectionOwnerReply reply;
>
> + memset(&reply, 0, sizeof(xGetSelectionOwnerReply));
> REQUEST(xResourceReq);
> REQUEST_SIZE_MATCH(xResourceReq);
>
> @@ -270,6 +271,7 @@ ProcConvertSelection(ClientPtr client)
>
> REQUEST(xConvertSelectionReq);
> REQUEST_SIZE_MATCH(xConvertSelectionReq);
> + memset(&event, 0, sizeof(xEvent));
>
> rc = dixLookupWindow(&pWin, stuff->requestor, client, DixSetAttrAccess);
> if (rc != Success)
> diff --git a/dix/window.c b/dix/window.c
> index d4c587e..198392f 100644
> --- a/dix/window.c
> +++ b/dix/window.c
> @@ -573,6 +573,7 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w,
> PixmapFormatRec *format;
> WindowOptPtr ancwopt;
>
> + memset(&event, 0, sizeof(xEvent));
> if (class == CopyFromParent)
> class = pParent->drawable.class;
>
> @@ -874,6 +875,7 @@ CrushTree(WindowPtr pWin)
> UnrealizeWindowProcPtr UnrealizeWindow;
> xEvent event;
>
> + memset(&event, 0, sizeof(xEvent));
> if (!(pChild = pWin->firstChild))
> return;
> UnrealizeWindow = pWin->drawable.pScreen->UnrealizeWindow;
> @@ -928,6 +930,7 @@ DeleteWindow(pointer value, XID wid)
> WindowPtr pWin = (WindowPtr)value;
> xEvent event;
>
> + memset(&event, 0, sizeof(xEvent));
> UnmapWindow(pWin, FALSE);
>
> CrushTree(pWin);
> @@ -2146,6 +2149,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
> int rc, action, smode = Above;
> xEvent event;
>
> + memset(&event, 0, sizeof(xEvent));
> if ((pWin->drawable.class == InputOnly) && (mask & IllegalInputOnlyConfigureMask))
> return(BadMatch);
>
> @@ -2278,6 +2282,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
> if (size_change && ((pWin->eventMask|wOtherEventMasks(pWin)) & ResizeRedirectMask))
> {
> xEvent eventT;
> + memset(&eventT, 0, sizeof(xEvent));
> eventT.u.u.type = ResizeRequest;
> eventT.u.resizeRequest.window = pWin->drawable.id;
> eventT.u.resizeRequest.width = w;
> @@ -2471,6 +2476,7 @@ ReparentWindow(WindowPtr pWin, WindowPtr pParent,
> int bw = wBorderWidth (pWin);
> ScreenPtr pScreen;
>
> + memset(&event, 0, sizeof(xEvent));
> pScreen = pWin->drawable.pScreen;
> if (TraverseTree(pWin, CompareWIDs, (pointer)&pParent->drawable.id) == WT_STOPWALKING)
> return(BadMatch);
> @@ -2636,6 +2642,7 @@ MapWindow(WindowPtr pWin, ClientPtr client)
> xEvent event;
> Bool anyMarked;
>
> + memset(&event, 0, sizeof(xEvent));
> if ((!pWin->overrideRedirect) &&
> (RedirectSend(pParent)
> ))
> @@ -2716,6 +2723,7 @@ MapSubwindows(WindowPtr pParent, ClientPtr client)
> Bool anyMarked;
> WindowPtr pLayerWin;
>
> + memset(&event, 0, sizeof(xEvent));
> pScreen = pParent->drawable.pScreen;
> parentRedirect = RedirectSend(pParent);
> parentNotify = SubSend(pParent);
> @@ -2846,6 +2854,7 @@ UnmapWindow(WindowPtr pWin, Bool fromConfigure)
> ScreenPtr pScreen = pWin->drawable.pScreen;
> WindowPtr pLayerWin = pWin;
>
> + memset(&event, 0, sizeof(xEvent));
> if ((!pWin->mapped) || (!(pParent = pWin->parent)))
> return(Success);
> if (SubStrSend(pWin, pParent) && MapUnmapEventsEnabled(pWin))
> @@ -3056,6 +3065,7 @@ SendVisibilityNotify(WindowPtr pWin)
> #ifndef NO_XINERAMA_PORT
> unsigned int visibility = pWin->visibility;
> #endif
> + memset(&event, 0, sizeof(xEvent));
> if (!MapUnmapEventsEnabled(pWin))
> return;
> #ifdef PANORAMIX
> diff --git a/mi/miexpose.c b/mi/miexpose.c
> index 082f906..5746a5f 100644
> --- a/mi/miexpose.c
> +++ b/mi/miexpose.c
> @@ -381,6 +381,7 @@ miSendGraphicsExpose (ClientPtr client, RegionPtr pRgn, XID drawable,
> else
> {
> xEvent event;
> + memset(&event, 0, sizeof(xEvent));
> event.u.u.type = NoExpose;
> event.u.noExposure.drawable = drawable;
> event.u.noExposure.majorEvent = major;
> @@ -401,7 +402,7 @@ miSendExposures( WindowPtr pWin, RegionPtr pRgn, int dx, int dy)
>
> pBox = REGION_RECTS(pRgn);
> numRects = REGION_NUM_RECTS(pRgn);
> - if(!(pEvent = xalloc(numRects * sizeof(xEvent))))
> + if(!(pEvent = xcalloc(1, numRects * sizeof(xEvent))))
> return;
>
> for (i=numRects, pe = pEvent; --i >= 0; pe++, pBox++)
> diff --git a/randr/rrxinerama.c b/randr/rrxinerama.c
> index 36135c6..b5bb668 100644
> --- a/randr/rrxinerama.c
> +++ b/randr/rrxinerama.c
> @@ -244,6 +244,7 @@ ProcRRXineramaIsActive(ClientPtr client)
> {
> xXineramaIsActiveReply rep;
>
> + memset(&rep, 0, sizeof(xXineramaIsActiveReply));
> REQUEST_SIZE_MATCH(xXineramaIsActiveReq);
>
> rep.type = X_Reply;
> diff --git a/render/render.c b/render/render.c
> index 658b170..c5b5030 100644
> --- a/render/render.c
> +++ b/render/render.c
> @@ -262,6 +262,7 @@ ProcRenderQueryVersion (ClientPtr client)
> register int n;
> REQUEST(xRenderQueryVersionReq);
>
> + memset(&rep, 0, sizeof(xRenderQueryVersionReply));
> pRenderClient->major_version = stuff->majorVersion;
> pRenderClient->minor_version = stuff->minorVersion;
>
> @@ -363,7 +364,7 @@ ProcRenderQueryPictFormats (ClientPtr client)
> ndepth * sizeof (xPictDepth) +
> nvisual * sizeof (xPictVisual) +
> numSubpixel * sizeof (CARD32));
> - reply = (xRenderQueryPictFormatsReply *) xalloc (rlength);
> + reply = (xRenderQueryPictFormatsReply *) xcalloc (1, rlength);
> if (!reply)
> return BadAlloc;
> reply->type = X_Reply;
> diff --git a/xfixes/select.c b/xfixes/select.c
> index 12a165f..795b8bd 100644
> --- a/xfixes/select.c
> +++ b/xfixes/select.c
> @@ -83,6 +83,7 @@ XFixesSelectionCallback (CallbackListPtr *callbacks, pointer data, pointer args)
> {
> xXFixesSelectionNotifyEvent ev;
>
> + memset(&ev, 0, sizeof(xXFixesSelectionNotifyEvent));
> ev.type = XFixesEventBase + XFixesSelectionNotify;
> ev.subtype = subtype;
> ev.sequenceNumber = e->pClient->sequence;
> diff --git a/xfixes/xfixes.c b/xfixes/xfixes.c
> index d1225c6..b1f23ce 100644
> --- a/xfixes/xfixes.c
> +++ b/xfixes/xfixes.c
> @@ -68,6 +68,7 @@ ProcXFixesQueryVersion(ClientPtr client)
> register int n;
> REQUEST(xXFixesQueryVersionReq);
>
> + memset(&rep, 0, sizeof(xXFixesQueryVersionReply));
> REQUEST_SIZE_MATCH(xXFixesQueryVersionReq);
> rep.type = X_Reply;
> rep.length = 0;
> diff --git a/xkb/xkb.c b/xkb/xkb.c
> index 30d58bf..e674c54 100644
> --- a/xkb/xkb.c
> +++ b/xkb/xkb.c
> @@ -159,6 +159,7 @@ ProcXkbUseExtension(ClientPtr client)
> register int n;
> int supported;
>
> + memset(&rep, 0, sizeof(xkbUseExtensionReply));
> REQUEST_SIZE_MATCH(xkbUseExtensionReq);
> if (stuff->wantedMajor != XkbMajorVersion) {
> /* pre-release version 0.65 is compatible with 1.00 */
> @@ -1363,7 +1364,7 @@ unsigned i,len;
> char *desc,*start;
>
> len= (rep->length*4)-(SIZEOF(xkbGetMapReply)-SIZEOF(xGenericReply));
> - start= desc= (char *)xalloc(len);
> + start= desc= (char *)xcalloc(1, len);
> if (!start)
> return BadAlloc;
> if ( rep->nTypes>0 )
> @@ -3765,6 +3766,7 @@ ProcXkbGetNames(ClientPtr client)
>
> REQUEST(xkbGetNamesReq);
> REQUEST_SIZE_MATCH(xkbGetNamesReq);
> + memset(&rep, 0, sizeof(xkbGetNamesReply));
>
> if (!(client->xkbClientFlags&_XkbClientInitialized))
> return BadAccess;
> @@ -5345,6 +5347,7 @@ ProcXkbPerClientFlags(ClientPtr client)
> REQUEST(xkbPerClientFlagsReq);
> REQUEST_SIZE_MATCH(xkbPerClientFlagsReq);
>
> + memset(&rep, 0, sizeof(xkbPerClientFlagsReply));
> if (!(client->xkbClientFlags&_XkbClientInitialized))
> return BadAccess;
>
> diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c
> index 6c2d32d..c042ac0 100644
> --- a/xkb/xkbEvents.c
> +++ b/xkb/xkbEvents.c
> @@ -838,6 +838,7 @@ XkbSrvLedInfoPtr sli;
> }
> if (pChanges->map.changed) {
> xkbMapNotify mn;
> + memset(&mn, 0, sizeof(xkbMapNotify));
> mn.changed= pChanges->map.changed;
> mn.firstType= pChanges->map.first_type;
> mn.nTypes= pChanges->map.num_types;
> @@ -859,6 +860,7 @@ XkbSrvLedInfoPtr sli;
> if ((pChanges->ctrls.changed_ctrls)||
> (pChanges->ctrls.enabled_ctrls_changes)) {
> xkbControlsNotify cn;
> + memset(&cn, 0, sizeof(xkbControlsNotify));
> cn.changedControls= pChanges->ctrls.changed_ctrls;
> cn.enabledControlChanges= pChanges->ctrls.enabled_ctrls_changes;
> cn.keycode= cause->kc;
> @@ -869,6 +871,7 @@ XkbSrvLedInfoPtr sli;
> }
> if (pChanges->indicators.map_changes) {
> xkbIndicatorNotify in;
> + memset(&in, 0, sizeof(xkbIndicatorNotify));
> if (sli==NULL)
> sli= XkbFindSrvLedInfo(kbd,XkbDfltXIClass,XkbDfltXIId,0);
> in.state= sli->effectiveState;
> @@ -877,6 +880,7 @@ XkbSrvLedInfoPtr sli;
> }
> if (pChanges->indicators.state_changes) {
> xkbIndicatorNotify in;
> + memset(&in, 0, sizeof(xkbIndicatorNotify));
> if (sli==NULL)
> sli= XkbFindSrvLedInfo(kbd,XkbDfltXIClass,XkbDfltXIId,0);
> in.state= sli->effectiveState;
> @@ -885,6 +889,7 @@ XkbSrvLedInfoPtr sli;
> }
> if (pChanges->names.changed) {
> xkbNamesNotify nn;
> + memset(&nn, 0, sizeof(xkbNamesNotify));
> nn.changed= pChanges->names.changed;
> nn.firstType= pChanges->names.first_type;
> nn.nTypes= pChanges->names.num_types;
> @@ -897,6 +902,7 @@ XkbSrvLedInfoPtr sli;
> }
> if ((pChanges->compat.changed_groups)||(pChanges->compat.num_si>0)) {
> xkbCompatMapNotify cmn;
> + memset(&cmn, 0, sizeof(xkbCompatMapNotify));
> cmn.changedGroups= pChanges->compat.changed_groups;
> cmn.firstSI= pChanges->compat.first_si;
> cmn.nSI= pChanges->compat.num_si;
> diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c
> index 98f9fc5..c2cf12b 100644
> --- a/xkb/xkbUtils.c
> +++ b/xkb/xkbUtils.c
> @@ -2094,6 +2094,7 @@ XkbCopyDeviceKeymap(DeviceIntPtr dst, DeviceIntPtr src)
> xkbNewKeyboardNotify nkn;
> Bool ret;
>
> + memset(&nkn, 0, sizeof(xkbNewKeyboardNotify));
> if (!dst->key || !src->key)
> return FALSE;
>
> --
> 1.5.2.2
More information about the xorg-devel
mailing list