[PATCH 25/32] [libx11] Variable "wd_array" goes out of scope Value "wd_array" is overwritten in "wd_array = (XPointer)realloc((char)info_list->watch_data, (((dpy->watcher_count + 1) * 4U == 0U) ? 1U : ((dpy->watcher_count + 1) * 4U)))"

Wed Jan 26 23:54:08 PST 2011

From: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira at nokia.com>

info_list->watch_data was being reallocated, but the return value of the reallocation was stored only into a local variable. This might cause some funky behavior and crashes.

Reviewed-by: Erkki Seppälä <erkki.seppala at vincit.fi>
Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira at nokia.com>
---
 src/XlibInt.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/src/XlibInt.c b/src/XlibInt.c
index 9f2745e..a78da9b 100644
--- a/src/XlibInt.c
+++ b/src/XlibInt.c
@@ -662,6 +662,7 @@ XAddConnectionWatch(
 	    UnlockDisplay(dpy);
 	    return 0;
 	}
+	info_list->watch_data = wd_array;
 	wd_array[dpy->watcher_count] = NULL;	/* for cleanliness */
     }
 
-- 
1.7.0.4



[PATCH 25/32] [libx11] Variable "wd_array" goes out of scope Value "wd_array" is overwritten in "wd_array = (XPointer*)realloc((char*)info_list->watch_data, (((dpy->watcher_count + 1) * 4U == 0U) ? 1U : ((dpy->watcher_count + 1) * 4U)))"

[PATCH 25/32] [libx11] Variable "wd_array" goes out of scope Value "wd_array" is overwritten in "wd_array = (XPointer)realloc((char)info_list->watch_data, (((dpy->watcher_count + 1) * 4U == 0U) ? 1U : ((dpy->watcher_count + 1) * 4U)))"