[PATCH] xserver: Avoid sending uninitialized padding data over the network
Peter Åstrand
astrand at cendio.se
Fri Feb 13 01:23:28 PST 2009
> Thanks for the patch.
> There's a nitpick and it's arguably personal preference: please shift the
> memsets for reply handling down to happen before, well, the reply handling.
Updated patch attached.
Best regards,
---
Peter Åstrand ThinLinc Chief Developer
Cendio AB http://www.cendio.com
Wallenbergs gata 4
583 30 Linköping Phone: +46-13-21 46 00
-------------- next part --------------
From 6f92db8f0105d642ce28113353a0d27826269159 Mon Sep 17 00:00:00 2001
From: Peter Astrand <astrand at maggie.lkpg.cendio.se>
Date: Fri, 13 Feb 2009 10:19:07 +0100
Subject: [PATCH] Avoid sending uninitialized padding data over the network.
Besides cluttering Valgrind output, this might also be an information
leak.
Signed-off-by: Peter Astrand <astrand at cendio.se>
---
Xext/bigreq.c | 1 +
Xext/shape.c | 2 ++
Xext/shm.c | 1 +
Xext/sync.c | 1 +
Xi/getvers.c | 1 +
Xi/listdev.c | 3 ++-
Xi/opendev.c | 1 +
dix/devices.c | 2 ++
dix/dispatch.c | 18 ++++++++++++++----
dix/dixfonts.c | 2 ++
dix/events.c | 10 ++++++++++
dix/extension.c | 2 ++
dix/main.c | 4 ++++
dix/property.c | 2 ++
dix/selection.c | 2 ++
dix/window.c | 13 +++++++++++++
mi/miexpose.c | 3 ++-
randr/rrxinerama.c | 1 +
render/render.c | 3 ++-
xfixes/select.c | 1 +
xfixes/xfixes.c | 1 +
xkb/xkb.c | 5 ++++-
xkb/xkbEvents.c | 6 ++++++
xkb/xkbUtils.c | 1 +
24 files changed, 78 insertions(+), 8 deletions(-)
diff --git a/Xext/bigreq.c b/Xext/bigreq.c
index 8857df3..e50376c 100644
--- a/Xext/bigreq.c
+++ b/Xext/bigreq.c
@@ -64,6 +64,7 @@ ProcBigReqDispatch (ClientPtr client)
return BadRequest;
REQUEST_SIZE_MATCH(xBigReqEnableReq);
client->big_requests = TRUE;
+ memset(&rep, 0, sizeof(xBigReqEnableReply));
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
diff --git a/Xext/shape.c b/Xext/shape.c
index fbf8f8c..2a6a38b 100644
--- a/Xext/shape.c
+++ b/Xext/shape.c
@@ -256,6 +256,7 @@ ProcShapeQueryVersion (ClientPtr client)
int n;
REQUEST_SIZE_MATCH (xShapeQueryVersionReq);
+ memset(&rep, 0, sizeof(xShapeQueryVersionReply));
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
@@ -682,6 +683,7 @@ ProcShapeQueryExtents (ClientPtr client)
rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
if (rc != Success)
return rc;
+ memset(&rep, 0, sizeof(xShapeQueryExtentsReply));
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
diff --git a/Xext/shm.c b/Xext/shm.c
index 7b63484..1f963c1 100644
--- a/Xext/shm.c
+++ b/Xext/shm.c
@@ -309,6 +309,7 @@ ProcShmQueryVersion(ClientPtr client)
int n;
REQUEST_SIZE_MATCH(xShmQueryVersionReq);
+ memset(&rep, 0, sizeof(xShmQueryVersionReply));
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
diff --git a/Xext/sync.c b/Xext/sync.c
index 9236fab..a30895d 100644
--- a/Xext/sync.c
+++ b/Xext/sync.c
@@ -1144,6 +1144,7 @@ ProcSyncInitialize(ClientPtr client)
REQUEST_SIZE_MATCH(xSyncInitializeReq);
+ memset(&rep, 0, sizeof(xSyncInitializeReply));
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.majorVersion = SYNC_MAJOR_VERSION;
diff --git a/Xi/getvers.c b/Xi/getvers.c
index f8fd56e..b4bc468 100644
--- a/Xi/getvers.c
+++ b/Xi/getvers.c
@@ -116,6 +116,7 @@ ProcXGetExtensionVersion(ClientPtr client)
pXIClient->minor_version = stuff->minorVersion;
} /* else version unknown, leave it at 0.0 */
+ memset(&rep, 0, sizeof(xGetExtensionVersionReply));
rep.repType = X_Reply;
rep.RepType = X_GetExtensionVersion;
rep.length = 0;
diff --git a/Xi/listdev.c b/Xi/listdev.c
index 9a5a189..48c1e05 100644
--- a/Xi/listdev.c
+++ b/Xi/listdev.c
@@ -338,6 +338,7 @@ ProcXListInputDevices(ClientPtr client)
REQUEST_SIZE_MATCH(xListInputDevicesReq);
+ memset(&rep, 0, sizeof(xListInputDevicesReply));
rep.repType = X_Reply;
rep.RepType = X_ListInputDevices;
rep.length = 0;
@@ -379,7 +380,7 @@ ProcXListInputDevices(ClientPtr client)
}
total_length = numdevs * sizeof(xDeviceInfo) + size + namesize;
- devbuf = (char *)xalloc(total_length);
+ devbuf = (char *)xcalloc(1, total_length);
classbuf = devbuf + (numdevs * sizeof(xDeviceInfo));
namebuf = classbuf + size;
savbuf = devbuf;
diff --git a/Xi/opendev.c b/Xi/opendev.c
index 41edb0f..502bdfc 100644
--- a/Xi/opendev.c
+++ b/Xi/opendev.c
@@ -126,6 +126,7 @@ ProcXOpenDevice(ClientPtr client)
if (status != Success)
return status;
+ memset(&rep, 0, sizeof(xOpenDeviceReply));
rep.repType = X_Reply;
rep.RepType = X_OpenDevice;
rep.sequenceNumber = client->sequence;
diff --git a/dix/devices.c b/dix/devices.c
index 934e695..51d7091 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -1466,6 +1466,7 @@ ProcGetModifierMapping(ClientPtr client)
if (ret != Success)
return ret;
+ memset(&rep, 0, sizeof(xGetModifierMappingReply));
rep.type = X_Reply;
rep.numKeyPerModifier = max_keys_per_mod;
rep.sequenceNumber = client->sequence;
@@ -1621,6 +1622,7 @@ ProcGetKeyboardMapping(ClientPtr client)
if (!syms)
return BadAlloc;
+ memset(&rep, 0, sizeof(xGetKeyboardMappingReply));
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.keySymsPerKeyCode = syms->mapWidth;
diff --git a/dix/dispatch.c b/dix/dispatch.c
index b06f4aa..22138b7 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -552,6 +552,7 @@ ProcGetWindowAttributes(ClientPtr client)
rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
if (rc != Success)
return rc;
+ memset(&wa, 0, sizeof(xGetWindowAttributesReply));
GetWindowAttributes(pWin, client, &wa);
WriteReplyToClient(client, sizeof(xGetWindowAttributesReply), &wa);
return(client->noClientException);
@@ -813,6 +814,7 @@ ProcGetGeometry(ClientPtr client)
xGetGeometryReply rep;
int status;
+ memset(&rep, 0, sizeof(xGetGeometryReply));
if ((status = GetGeometry(client, &rep)) != Success)
return status;
@@ -834,6 +836,7 @@ ProcQueryTree(ClientPtr client)
rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess);
if (rc != Success)
return rc;
+ memset(&reply, 0, sizeof(xQueryTreeReply));
reply.type = X_Reply;
reply.root = WindowTable[pWin->drawable.pScreen->myNum]->drawable.id;
reply.sequenceNumber = client->sequence;
@@ -887,6 +890,7 @@ ProcInternAtom(ClientPtr client)
if (atom != BAD_RESOURCE)
{
xInternAtomReply reply;
+ memset(&reply, 0, sizeof(xInternAtomReply));
reply.type = X_Reply;
reply.length = 0;
reply.sequenceNumber = client->sequence;
@@ -910,6 +914,7 @@ ProcGetAtomName(ClientPtr client)
if ( (str = NameForAtom(stuff->id)) )
{
len = strlen(str);
+ memset(&reply, 0, sizeof(xGetAtomNameReply));
reply.type = X_Reply;
reply.length = (len + 3) >> 2;
reply.sequenceNumber = client->sequence;
@@ -1006,6 +1011,7 @@ ProcTranslateCoords(ClientPtr client)
rc = dixLookupWindow(&pDst, stuff->dstWid, client, DixGetAttrAccess);
if (rc != Success)
return rc;
+ memset(&rep, 0, sizeof(xTranslateCoordsReply));
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
@@ -1142,7 +1148,7 @@ ProcQueryFont(ClientPtr client)
rlength = sizeof(xQueryFontReply) +
FONTINFONPROPS(FONTCHARSET(pFont)) * sizeof(xFontProp) +
nprotoxcistructs * sizeof(xCharInfo);
- reply = xalloc(rlength);
+ reply = xcalloc(1, rlength);
if(!reply)
{
return(BadAlloc);
@@ -1919,6 +1925,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
if (rc != Success)
return rc;
+ memset(&xgi, 0, sizeof(xGetImageReply));
if(pDraw->type == DRAWABLE_WINDOW)
{
if( /* check for being viewable */
@@ -1970,7 +1977,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
xgi.length = length;
if (im_return) {
- pBuf = xalloc(sz_xGetImageReply + length);
+ pBuf = xcalloc(1, sz_xGetImageReply + length);
if (!pBuf)
return (BadAlloc);
if (widthBytesLine == 0)
@@ -2008,7 +2015,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
length += widthBytesLine;
}
}
- if(!(pBuf = xalloc(length)))
+ if(!(pBuf = xcalloc(1, length)))
return (BadAlloc);
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
}
@@ -2746,7 +2753,7 @@ ProcQueryColors(ClientPtr client)
xQueryColorsReply qcr;
count = ((client->req_len << 2) - sizeof(xQueryColorsReq)) >> 2;
- prgbs = xalloc(count * sizeof(xrgb));
+ prgbs = xcalloc(1, count * sizeof(xrgb));
if(!prgbs && count)
return(BadAlloc);
if( (rc = QueryColors(pcmp, count, (Pixel *)&stuff[1], prgbs)) )
@@ -2760,6 +2767,7 @@ ProcQueryColors(ClientPtr client)
return rc;
}
}
+ memset(&qcr, 0, sizeof(xQueryColorsReply));
qcr.type = X_Reply;
qcr.length = (count * sizeof(xrgb)) >> 2;
qcr.sequenceNumber = client->sequence;
@@ -2987,6 +2995,7 @@ ProcQueryBestSize (ClientPtr client)
return rc;
(* pScreen->QueryBestSize)(stuff->class, &stuff->width,
&stuff->height, pScreen);
+ memset(&reply, 0, sizeof(xQueryBestSizeReply));
reply.type = X_Reply;
reply.length = 0;
reply.sequenceNumber = client->sequence;
@@ -3700,6 +3709,7 @@ SendErrorToClient(ClientPtr client, unsigned majorCode, unsigned minorCode,
{
xError rep;
+ memset(&rep, 0, sizeof(xError));
rep.type = X_Error;
rep.sequenceNumber = client->sequence;
rep.errorCode = errorCode;
diff --git a/dix/dixfonts.c b/dix/dixfonts.c
index 9f596e8..d8bd71b 100644
--- a/dix/dixfonts.c
+++ b/dix/dixfonts.c
@@ -793,6 +793,7 @@ finish:
for (i = 0; i < nnames; i++)
stringLens += (names->length[i] <= 255) ? names->length[i] : 0;
+ memset(&reply, 0, sizeof(xListFontsReply));
reply.type = X_Reply;
reply.length = (stringLens + nnames + 3) >> 2;
reply.nFonts = nnames;
@@ -1048,6 +1049,7 @@ doListFontsWithInfo(ClientPtr client, LFWIclosurePtr c)
err = AllocError;
break;
}
+ memset(reply + c->length, 0, length - c->length);
c->reply = reply;
c->length = length;
}
diff --git a/dix/events.c b/dix/events.c
index 0db2d6a..2782a17 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -2289,6 +2289,7 @@ DeliverDeviceEvents(WindowPtr pWin, xEvent *xE, GrabPtr grab,
{
/* no XI event delivered. Try core event */
+ memset(&core, 0, sizeof(xEvent));
core = *xE;
core.u.u.type = XItoCoreType(xE->u.u.type);
@@ -3393,6 +3394,7 @@ DeliverFocusedEvent(DeviceIntPtr keybd, xEvent *xE, WindowPtr window, int count)
if (sendCore)
{
+ memset(&core, 0, sizeof(xEvent));
core = *xE;
core.u.u.type = XItoCoreType(xE->u.u.type);
}
@@ -3491,6 +3493,7 @@ DeliverGrabbedEvent(xEvent *xE, DeviceIntPtr thisDev,
/* try core event */
if (sendCore && grab->coreGrab)
{
+ memset(&core, 0, sizeof(xEvent));
core = *xE;
core.u.u.type = XItoCoreType(xE->u.u.type);
if(core.u.u.type) {
@@ -3869,6 +3872,7 @@ CoreEnterLeaveEvent(
mask = pWin->eventMask | wOtherEventMasks(pWin);
}
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = type;
event.u.u.detail = detail;
event.u.enterLeave.time = currentTime.milliseconds;
@@ -3949,6 +3953,7 @@ DeviceEnterLeaveEvent(
/* we don't have enough bytes, so we squash flags and mode into
one byte, and use the last byte for the deviceid. */
+ memset(&event, 0, sizeof(xEvent));
devEnterLeave = (deviceEnterNotify*)&event;
devEnterLeave->type = type;
devEnterLeave->detail = detail;
@@ -3990,6 +3995,7 @@ CoreFocusEvent(DeviceIntPtr dev, int type, int mode, int detail, WindowPtr pWin)
{
xEvent event;
+ memset(&event, 0, sizeof(xEvent));
event.u.focus.mode = mode;
event.u.u.type = type;
event.u.u.detail = detail;
@@ -4153,6 +4159,7 @@ ProcGetInputFocus(ClientPtr client)
if (rc != Success)
return rc;
+ memset(&rep, 0, sizeof(xGetInputFocusReply));
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
@@ -4243,6 +4250,7 @@ ProcGrabPointer(ClientPtr client)
/* at this point, some sort of reply is guaranteed. */
time = ClientTimeToServerTime(stuff->time);
+ memset(&rep, 0, sizeof(xGrabPointerReply));
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.length = 0;
@@ -4490,6 +4498,7 @@ ProcGrabKeyboard(ClientPtr client)
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
+ memset(&rep, 0, sizeof(xGrabKeyboardReply));
result = GrabDevice(client, keyboard, stuff->keyboardMode,
stuff->pointerMode, stuff->grabWindow,
stuff->ownerEvents, stuff->time,
@@ -4557,6 +4566,7 @@ ProcQueryPointer(ClientPtr client)
pSprite = mouse->spriteInfo->sprite;
if (mouse->valuator->motionHintWindow)
MaybeStopHint(mouse, client);
+ memset(&rep, 0, sizeof(xQueryPointerReply));
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.mask = mouse->button->state;
diff --git a/dix/extension.c b/dix/extension.c
index 330fd28..6b92e56 100644
--- a/dix/extension.c
+++ b/dix/extension.c
@@ -268,6 +268,7 @@ ProcQueryExtension(ClientPtr client)
REQUEST_FIXED_SIZE(xQueryExtensionReq, stuff->nbytes);
+ memset(&reply, 0, sizeof(xQueryExtensionReply));
reply.type = X_Reply;
reply.length = 0;
reply.major_opcode = 0;
@@ -301,6 +302,7 @@ ProcListExtensions(ClientPtr client)
REQUEST_SIZE_MATCH(xReq);
+ memset(&reply, 0, sizeof(xListExtensionsReply));
reply.type = X_Reply;
reply.nExtensions = 0;
reply.length = 0;
diff --git a/dix/main.c b/dix/main.c
index 3c25e2e..ec236d8 100644
--- a/dix/main.c
+++ b/dix/main.c
@@ -491,6 +491,7 @@ CreateConnectionBlock(void)
char *pBuf;
+ memset(&setup, 0, sizeof(xConnSetup));
/* Leave off the ridBase and ridMask, these must be sent with
connection */
@@ -531,6 +532,7 @@ CreateConnectionBlock(void)
while (--i >= 0)
*pBuf++ = 0;
+ memset(&format, 0, sizeof(xPixmapFormat));
for (i=0; i<screenInfo.numPixmapFormats; i++)
{
format.depth = screenInfo.formats[i].depth;
@@ -542,6 +544,8 @@ CreateConnectionBlock(void)
}
connBlockScreenStart = sizesofar;
+ memset(&depth, 0, sizeof(xDepth));
+ memset(&visual, 0, sizeof(xVisualType));
for (i=0; i<screenInfo.numScreens; i++)
{
ScreenPtr pScreen;
diff --git a/dix/property.c b/dix/property.c
index 5bf4232..0929dca 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -111,6 +111,7 @@ deliverPropertyNotifyEvent(WindowPtr pWin, int state, Atom atom)
{
xEvent event;
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = PropertyNotify;
event.u.property.window = pWin->drawable.id;
event.u.property.state = state;
@@ -479,6 +480,7 @@ ProcGetProperty(ClientPtr client)
return(BadAtom);
}
+ memset(&reply, 0, sizeof(xGetPropertyReply));
reply.type = X_Reply;
reply.sequenceNumber = client->sequence;
diff --git a/dix/selection.c b/dix/selection.c
index 1fd0d21..d72f381 100644
--- a/dix/selection.c
+++ b/dix/selection.c
@@ -243,6 +243,7 @@ ProcGetSelectionOwner(ClientPtr client)
return BadAtom;
}
+ memset(&reply, 0, sizeof(xGetSelectionOwnerReply));
reply.type = X_Reply;
reply.length = 0;
reply.sequenceNumber = client->sequence;
@@ -284,6 +285,7 @@ ProcConvertSelection(ClientPtr client)
rc = dixLookupSelection(&pSel, stuff->selection, client, DixReadAccess);
+ memset(&event, 0, sizeof(xEvent));
if (rc != Success && rc != BadMatch)
return rc;
else if (rc == Success && pSel->window != None) {
diff --git a/dix/window.c b/dix/window.c
index d4c587e..6974b7c 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -774,6 +774,7 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w,
if (SubSend(pParent))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = CreateNotify;
event.u.createNotify.window = wid;
event.u.createNotify.parent = pParent->drawable.id;
@@ -889,6 +890,7 @@ CrushTree(WindowPtr pWin)
pParent = pChild->parent;
if (SubStrSend(pChild, pParent))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = DestroyNotify;
event.u.destroyNotify.window = pChild->drawable.id;
DeliverEvents(pChild, &event, 1, NullWindow);
@@ -935,6 +937,7 @@ DeleteWindow(pointer value, XID wid)
pParent = pWin->parent;
if (wid && pParent && SubStrSend(pWin, pParent))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = DestroyNotify;
event.u.destroyNotify.window = pWin->drawable.id;
DeliverEvents(pWin, &event, 1, NullWindow);
@@ -2244,6 +2247,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
(RedirectSend(pParent)
))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = ConfigureRequest;
event.u.configureRequest.window = pWin->drawable.id;
if (mask & CWSibling)
@@ -2278,6 +2282,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
if (size_change && ((pWin->eventMask|wOtherEventMasks(pWin)) & ResizeRedirectMask))
{
xEvent eventT;
+ memset(&eventT, 0, sizeof(xEvent));
eventT.u.u.type = ResizeRequest;
eventT.u.resizeRequest.window = pWin->drawable.id;
eventT.u.resizeRequest.width = w;
@@ -2324,6 +2329,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
ActuallyDoSomething:
if (SubStrSend(pWin, pParent))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = ConfigureNotify;
event.u.configureNotify.window = pWin->drawable.id;
if (pSib)
@@ -2480,6 +2486,7 @@ ReparentWindow(WindowPtr pWin, WindowPtr pParent,
if (WasMapped)
UnmapWindow(pWin, FALSE);
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = ReparentNotify;
event.u.reparent.window = pWin->drawable.id;
event.u.reparent.parent = pParent->drawable.id;
@@ -2640,6 +2647,7 @@ MapWindow(WindowPtr pWin, ClientPtr client)
(RedirectSend(pParent)
))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = MapRequest;
event.u.mapRequest.window = pWin->drawable.id;
event.u.mapRequest.parent = pParent->drawable.id;
@@ -2652,6 +2660,7 @@ MapWindow(WindowPtr pWin, ClientPtr client)
pWin->mapped = TRUE;
if (SubStrSend(pWin, pParent) && MapUnmapEventsEnabled(pWin))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = MapNotify;
event.u.mapNotify.window = pWin->drawable.id;
event.u.mapNotify.override = pWin->overrideRedirect;
@@ -2726,6 +2735,7 @@ MapSubwindows(WindowPtr pParent, ClientPtr client)
{
if (parentRedirect && !pWin->overrideRedirect)
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = MapRequest;
event.u.mapRequest.window = pWin->drawable.id;
event.u.mapRequest.parent = pParent->drawable.id;
@@ -2738,6 +2748,7 @@ MapSubwindows(WindowPtr pParent, ClientPtr client)
pWin->mapped = TRUE;
if (parentNotify || StrSend(pWin))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = MapNotify;
event.u.mapNotify.window = pWin->drawable.id;
event.u.mapNotify.override = pWin->overrideRedirect;
@@ -2850,6 +2861,7 @@ UnmapWindow(WindowPtr pWin, Bool fromConfigure)
return(Success);
if (SubStrSend(pWin, pParent) && MapUnmapEventsEnabled(pWin))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = UnmapNotify;
event.u.unmapNotify.window = pWin->drawable.id;
event.u.unmapNotify.fromConfigure = fromConfigure;
@@ -3113,6 +3125,7 @@ SendVisibilityNotify(WindowPtr pWin)
}
#endif
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = VisibilityNotify;
event.u.visibility.window = pWin->drawable.id;
event.u.visibility.state = visibility;
diff --git a/mi/miexpose.c b/mi/miexpose.c
index 082f906..5746a5f 100644
--- a/mi/miexpose.c
+++ b/mi/miexpose.c
@@ -381,6 +381,7 @@ miSendGraphicsExpose (ClientPtr client, RegionPtr pRgn, XID drawable,
else
{
xEvent event;
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = NoExpose;
event.u.noExposure.drawable = drawable;
event.u.noExposure.majorEvent = major;
@@ -401,7 +402,7 @@ miSendExposures( WindowPtr pWin, RegionPtr pRgn, int dx, int dy)
pBox = REGION_RECTS(pRgn);
numRects = REGION_NUM_RECTS(pRgn);
- if(!(pEvent = xalloc(numRects * sizeof(xEvent))))
+ if(!(pEvent = xcalloc(1, numRects * sizeof(xEvent))))
return;
for (i=numRects, pe = pEvent; --i >= 0; pe++, pBox++)
diff --git a/randr/rrxinerama.c b/randr/rrxinerama.c
index 36135c6..c37c46a 100644
--- a/randr/rrxinerama.c
+++ b/randr/rrxinerama.c
@@ -246,6 +246,7 @@ ProcRRXineramaIsActive(ClientPtr client)
REQUEST_SIZE_MATCH(xXineramaIsActiveReq);
+ memset(&rep, 0, sizeof(xXineramaIsActiveReply));
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
diff --git a/render/render.c b/render/render.c
index 658b170..abd0a68 100644
--- a/render/render.c
+++ b/render/render.c
@@ -266,6 +266,7 @@ ProcRenderQueryVersion (ClientPtr client)
pRenderClient->minor_version = stuff->minorVersion;
REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
+ memset(&rep, 0, sizeof(xRenderQueryVersionReply));
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
@@ -363,7 +364,7 @@ ProcRenderQueryPictFormats (ClientPtr client)
ndepth * sizeof (xPictDepth) +
nvisual * sizeof (xPictVisual) +
numSubpixel * sizeof (CARD32));
- reply = (xRenderQueryPictFormatsReply *) xalloc (rlength);
+ reply = (xRenderQueryPictFormatsReply *) xcalloc (1, rlength);
if (!reply)
return BadAlloc;
reply->type = X_Reply;
diff --git a/xfixes/select.c b/xfixes/select.c
index 12a165f..795b8bd 100644
--- a/xfixes/select.c
+++ b/xfixes/select.c
@@ -83,6 +83,7 @@ XFixesSelectionCallback (CallbackListPtr *callbacks, pointer data, pointer args)
{
xXFixesSelectionNotifyEvent ev;
+ memset(&ev, 0, sizeof(xXFixesSelectionNotifyEvent));
ev.type = XFixesEventBase + XFixesSelectionNotify;
ev.subtype = subtype;
ev.sequenceNumber = e->pClient->sequence;
diff --git a/xfixes/xfixes.c b/xfixes/xfixes.c
index d1225c6..3b8ed5a 100644
--- a/xfixes/xfixes.c
+++ b/xfixes/xfixes.c
@@ -69,6 +69,7 @@ ProcXFixesQueryVersion(ClientPtr client)
REQUEST(xXFixesQueryVersionReq);
REQUEST_SIZE_MATCH(xXFixesQueryVersionReq);
+ memset(&rep, 0, sizeof(xXFixesQueryVersionReply));
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
diff --git a/xkb/xkb.c b/xkb/xkb.c
index 30d58bf..7e756d1 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -179,6 +179,7 @@ ProcXkbUseExtension(ClientPtr client)
stuff->wantedMajor,stuff->wantedMinor,
XkbMajorVersion,XkbMinorVersion);
}
+ memset(&rep, 0, sizeof(xkbUseExtensionReply));
rep.type = X_Reply;
rep.supported = supported;
rep.length = 0;
@@ -1363,7 +1364,7 @@ unsigned i,len;
char *desc,*start;
len= (rep->length*4)-(SIZEOF(xkbGetMapReply)-SIZEOF(xGenericReply));
- start= desc= (char *)xalloc(len);
+ start= desc= (char *)xcalloc(1, len);
if (!start)
return BadAlloc;
if ( rep->nTypes>0 )
@@ -3773,6 +3774,7 @@ ProcXkbGetNames(ClientPtr client)
CHK_MASK_LEGAL(0x01,stuff->which,XkbAllNamesMask);
xkb = dev->key->xkbInfo->desc;
+ memset(&rep, 0, sizeof(xkbGetNamesReply));
rep.type= X_Reply;
rep.sequenceNumber= client->sequence;
rep.length = 0;
@@ -5353,6 +5355,7 @@ ProcXkbPerClientFlags(ClientPtr client)
CHK_MASK_MATCH(0x02,stuff->change,stuff->value);
interest = XkbFindClientResource((DevicePtr)dev,client);
+ memset(&rep, 0, sizeof(xkbPerClientFlagsReply));
rep.type= X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c
index 6c2d32d..a2b99a2 100644
--- a/xkb/xkbEvents.c
+++ b/xkb/xkbEvents.c
@@ -838,6 +838,7 @@ XkbSrvLedInfoPtr sli;
}
if (pChanges->map.changed) {
xkbMapNotify mn;
+ memset(&mn, 0, sizeof(xkbMapNotify));
mn.changed= pChanges->map.changed;
mn.firstType= pChanges->map.first_type;
mn.nTypes= pChanges->map.num_types;
@@ -859,6 +860,7 @@ XkbSrvLedInfoPtr sli;
if ((pChanges->ctrls.changed_ctrls)||
(pChanges->ctrls.enabled_ctrls_changes)) {
xkbControlsNotify cn;
+ memset(&cn, 0, sizeof(xkbControlsNotify));
cn.changedControls= pChanges->ctrls.changed_ctrls;
cn.enabledControlChanges= pChanges->ctrls.enabled_ctrls_changes;
cn.keycode= cause->kc;
@@ -871,6 +873,7 @@ XkbSrvLedInfoPtr sli;
xkbIndicatorNotify in;
if (sli==NULL)
sli= XkbFindSrvLedInfo(kbd,XkbDfltXIClass,XkbDfltXIId,0);
+ memset(&in, 0, sizeof(xkbIndicatorNotify));
in.state= sli->effectiveState;
in.changed= pChanges->indicators.map_changes;
XkbSendIndicatorNotify(kbd,XkbIndicatorMapNotify,&in);
@@ -879,12 +882,14 @@ XkbSrvLedInfoPtr sli;
xkbIndicatorNotify in;
if (sli==NULL)
sli= XkbFindSrvLedInfo(kbd,XkbDfltXIClass,XkbDfltXIId,0);
+ memset(&in, 0, sizeof(xkbIndicatorNotify));
in.state= sli->effectiveState;
in.changed= pChanges->indicators.state_changes;
XkbSendIndicatorNotify(kbd,XkbIndicatorStateNotify,&in);
}
if (pChanges->names.changed) {
xkbNamesNotify nn;
+ memset(&nn, 0, sizeof(xkbNamesNotify));
nn.changed= pChanges->names.changed;
nn.firstType= pChanges->names.first_type;
nn.nTypes= pChanges->names.num_types;
@@ -897,6 +902,7 @@ XkbSrvLedInfoPtr sli;
}
if ((pChanges->compat.changed_groups)||(pChanges->compat.num_si>0)) {
xkbCompatMapNotify cmn;
+ memset(&cmn, 0, sizeof(xkbCompatMapNotify));
cmn.changedGroups= pChanges->compat.changed_groups;
cmn.firstSI= pChanges->compat.first_si;
cmn.nSI= pChanges->compat.num_si;
diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c
index 98f9fc5..aa63b35 100644
--- a/xkb/xkbUtils.c
+++ b/xkb/xkbUtils.c
@@ -2097,6 +2097,7 @@ XkbCopyDeviceKeymap(DeviceIntPtr dst, DeviceIntPtr src)
if (!dst->key || !src->key)
return FALSE;
+ memset(&nkn, 0, sizeof(xkbNewKeyboardNotify));
nkn.oldMinKeyCode = dst->key->xkbInfo->desc->min_key_code;
nkn.oldMaxKeyCode = dst->key->xkbInfo->desc->max_key_code;
nkn.deviceID = dst->id;
--
1.5.2.2
More information about the xorg-devel
mailing list