[PATCH 2/2] [libX11] xcms/cmsProp: don't deal with uninitialized values, fail instead

Erkki Seppälä erkki.seppala at vincit.fi
Fri Feb 4 01:43:57 PST 2011


Properly handle the return value of XGetWindowProperty by considering
it after the loop as well.

Using freed pointer "prop_ret"

There were numerous things wrong in how this function interacted with
XGetWindowProperty.

None of the local variables were initialized and remained that way if
the call to XGetWindowProperty returned 1 (not Success). That doesn't
result in after_ret being initialized in which case if it happens to
be 0, the loop was exited. In that case format_ret and nitems_ret were
uninitialized and the function might return with success (but with
uninitialized pointer in prop_ret) or XcmsFailure.

As the buffer enlarging code was called only when XGetWindowProperty
failed (returned not Success), after_ret would not have been
initialized. It would have been initialized only if the
XGetWindowProperty has returned Success earlier, but in that case the
code fragment would not have been reached.

This patch alters the function to return XcmsFailure if the call to
XGetWindowProperty fails.

Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira at nokia.com>
Reviewed-by: Rami Ylimäki <rami.ylimaki at vincit.fi>
Signed-off-by: Erkki Seppälä <erkki.seppala at vincit.fi>
---
 src/xcms/cmsProp.c |   17 ++++++++++-------
 1 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/xcms/cmsProp.c b/src/xcms/cmsProp.c
index 856ae84..2826ee7 100644
--- a/src/xcms/cmsProp.c
+++ b/src/xcms/cmsProp.c
@@ -121,20 +121,23 @@ _XcmsGetProperty(
     long len = 6516;
     unsigned long nitems_ret, after_ret;
     Atom atom_ret;
+    int xgwp_ret;
 
-    while (XGetWindowProperty (pDpy, w, property, 0, len, False,
-			       XA_INTEGER, &atom_ret, &format_ret,
-			       &nitems_ret, &after_ret,
-			       (unsigned char **)&prop_ret)) {
-	if (after_ret > 0) {
+    while (True) {
+	xgwp_ret = XGetWindowProperty (pDpy, w, property, 0, len, False,
+				       XA_INTEGER, &atom_ret, &format_ret,
+				       &nitems_ret, &after_ret,
+				       (unsigned char **)&prop_ret);
+	if (xgwp_ret == Success && after_ret > 0) {
 	    len += nitems_ret * (format_ret >> 3);
 	    XFree (prop_ret);
 	} else {
 	    break;
 	}
     }
-    if (format_ret == 0 || nitems_ret == 0) {
-	/* the property does not exist or is of an unexpected type */
+    if (xgwp_ret != Success || format_ret == 0 || nitems_ret == 0) {
+	/* the property does not exist or is of an unexpected type or
+           getting window property failed */
 	return(XcmsFailure);
     }
 
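Review bot: The failure return after the loop, `if (xgwp_ret != Success || format_ret == 0 || nitems_ret == 0)`, still exits without releasing prop_ret when the last call returned Success with a non-zero format_ret but nitems_ret == 0. XGetWindowProperty allocates a buffer for an existing property even when it is zero length, so that path would leak it. Consider calling XFree(prop_ret) there when xgwp_ret == Success and prop_ret is non-NULL, and initializing prop_ret to NULL at its declaration so the check is well defined. Two smaller points: the continuation line of the new comment is indented with spaces while the surrounding lines use tabs, and the `while (True)` with an if/else whose else branch only breaks would read more directly as a do/while on `xgwp_ret == Success && after_ret > 0`.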
-- 
1.7.0.4


