[PATCH 00/25] Various fixes based on static analysis - remaining patches

Erkki Seppälä erkki.seppala at vincit.fi
Mon Jan 31 03:07:07 PST 2011 

Here are the remaining patches of the libx11 static analysis batch
that have not yet received feedback from the list. Next up,
pull-request :).

Ander Conselvan de Oliveira (6):
  Double free of pointer "property_return" in call to "free"
  xcms/LRGB: Fix potential resource leak.
  xcms/LRGB: Add a label for freeing property_return.
  Using freed pointer "prop_ret"
  Variable "wd_array" goes out of scope Value "wd_array" is overwritten
    in "wd_array = (XPointer*)realloc((char*)info_list->watch_data,
    (((dpy->watcher_count + 1) * 4U == 0U) ? 1U : ((dpy->watcher_count
    + 1) * 4U)))"
  Using uninitialized value "conv->state" in call to function
    "close_converter"

Erkki Seppälä (19):
  Variable "fs" not freed or pointed-to in function "get_prop_name"
  Pointer "pBuf" returned from "fgets(buf, 256, stream)" is never used
  Pointer "pBuf" returned from "fgets(buf, 256, stream)" is never used
  Using uninitialized value "new"
  Possible overrun of 8192 byte fixed size buffer "buffer" by copying
    "ext->name" without length checking
  Variable "colormap_ret" goes out of scope
  Variable "missing_list" goes out of scope
  Variable "colormap_ret" goes out of scope
  Variable "colormap_ret" goes out of scope
  Variable "colormap_ret" goes out of scope
  Variable "image" goes out of scope
  Variable "prop_name" not freed or pointed-to in function "strlen"
  Variable "table" goes out of scope
  Tracked variable "size" was passed to a negative sink.
  Using uninitialized value "error.resourceID" in call to function
    "_XError"
  Return value of "XGetWindowProperty(im->core.display,
    spec->lib_connect_wid, prop, 0L, (length + bytes_after_ret + 3UL) /
    4UL, 1, 0UL, &type_ret, &format_ret, &nitems, &bytes_after_ret,
    &prop_ret)" is not checked
  a negative value was passed to memcpy
  Cannot reach dead expression "0U" inside statement "if (1U +
    (target_dir ? strl..."
  Cannot reach dead expression "0U" inside statement "if (1U +
    (target_dir ? strl..."

 modules/im/ximcp/imLcLkup.c |    4 ++++
 modules/im/ximcp/imRm.c     |    4 ++++
 modules/im/ximcp/imRmAttr.c |    7 +++++--
 modules/im/ximcp/imTrX.c    |   33 +++++++++++++++++++++------------
 modules/lc/def/lcDefConv.c  |    2 +-
 modules/lc/gen/lcGenConv.c  |    2 +-
 src/GetProp.c               |    2 +-
 src/ImUtil.c                |    1 +
 src/XlibInt.c               |    8 +++++---
 src/Xrm.c                   |   10 +++++++++-
 src/xcms/LRGB.c             |   25 ++++++++++---------------
 src/xcms/cmsColNm.c         |    4 ++--
 src/xcms/cmsProp.c          |   11 ++++++-----
 src/xlibi18n/XDefaultOMIF.c |    9 +++++----
 src/xlibi18n/lcFile.c       |    6 ++----
 src/xlibi18n/lcGeneric.c    |    2 +-
 16 files changed, 78 insertions(+), 52 deletions(-)

More information about the xorg-devel mailing list