[PATCH] XListFontsWithInfo: avoid accessing realloc'ed memory
Nickolai Zeldovich
nickolai at csail.mit.edu
Tue Jan 22 07:03:00 PST 2013
If exactly one of the two reallocs in XListFontsWithInfo() fails, the
subsequent code accesses memory freed by the other realloc.
Signed-off-by: Nickolai Zeldovich <nickolai at csail.mit.edu>
---
src/FontInfo.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/FontInfo.c b/src/FontInfo.c
index a3ab65b..97de40e 100644
--- a/src/FontInfo.c
+++ b/src/FontInfo.c
@@ -90,6 +90,11 @@ XFontStruct **info) /* RETURN */
Xrealloc ((char *) flist,
(unsigned) (sizeof(char *) * (size+1)));
+ if (tmp_finfo)
+ finfo = tmp_finfo;
+ if (tmp_flist)
+ flist = tmp_flist;
+
if ((! tmp_finfo) || (! tmp_flist)) {
/* free all the memory that we allocated */
for (j=(i-1); (j >= 0); j--) {
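Review bot: The `(unsigned)` cast on the `Xrealloc` size at the top of this hunk narrows the `sizeof(char *) * (size+1)` product wherever `size_t` is wider than `unsigned`, so a large enough `size` would request a smaller buffer than the code expects. The declaration of `size` and the origin of its value are outside the hunk, so reachability needs confirming. If it is reachable, and assuming `Xrealloc` accepts a `size_t`, compute the size as `sizeof(char *) * ((size_t) size + 1)` and reject values that would overflow before the call. The matching `finfo` reallocation begins above the hunk and presumably carries the same cast. Separately, the new assignments deserve a comment such as `/* a successful Xrealloc invalidates the old pointer; commit it before the failure check */` so they are not moved back below the check later.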
@@ -97,14 +102,10 @@ XFontStruct **info) /* RETURN */
if (finfo[j].properties)
Xfree((char *) finfo[j].properties);
}
- if (tmp_flist) Xfree((char *) tmp_flist);
- else Xfree((char *) flist);
- if (tmp_finfo) Xfree((char *) tmp_finfo);
- else Xfree((char *) finfo);
+ Xfree((char *) flist);
+ Xfree((char *) finfo);
goto clearwire;
}
- finfo = tmp_finfo;
- flist = tmp_flist;
}
else {
if (! (finfo = (XFontStruct *)
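Review bot: After the two new `Xfree` calls, `flist` and `finfo` still hold the freed addresses when control jumps to `clearwire`. The code at that label is outside the hunk, so it cannot be confirmed here that nothing later reads or frees them again. Adding `flist = NULL; finfo = NULL;` before the `goto` would ensure a later use cannot reach freed memory. The unconditional frees themselves look correct, since after the first hunk each variable names the live allocation whichever realloc failed.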
--
1.7.10.4