[PATCH 1/8] Handle failure to create counter in init_system_idle_counter

Peter Hutterer peter.hutterer at who-t.net
Mon Jan 28 17:49:53 PST 2013


On Mon, Jan 28, 2013 at 05:08:35PM -0800, Alan Coopersmith wrote:
> Check for NULL pointer (which can be returned for multiple reasons)
> before trying to dereference it to add privates.   To avoid memory leak
> in error path, delay malloc of privates until we're ready to add them.
> 
> As reported by parfait 1.1:
> Error: Null pointer dereference (CWE 476)
>    Read from null pointer 'idle_time_counter'
>         at line 2764 of xserver/Xext/sync.c in function 'init_system_idle_counter'.
>           Function 'SyncCreateSystemCounter' may return constant 'NULL' at line 952, called at line 2756.
>           Null pointer introduced at line 952 in function 'SyncCreateSystemCounter'.
> 
> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
> ---
>  Xext/sync.c |   11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/Xext/sync.c b/Xext/sync.c
> index 4d11992..b48da26 100644
> --- a/Xext/sync.c
> +++ b/Xext/sync.c
> @@ -2747,7 +2747,6 @@ init_system_idle_counter(const char *name, int deviceid)
>  {
>      CARD64 resolution;
>      XSyncValue idle;
> -    IdleCounterPriv *priv = malloc(sizeof(IdleCounterPriv));
>      SyncCounter *idle_time_counter;
>  
>      IdleTimeQueryValue(NULL, &idle);
> @@ -2758,10 +2757,14 @@ init_system_idle_counter(const char *name, int deviceid)
>                                                  IdleTimeQueryValue,
>                                                  IdleTimeBracketValues);
>  
> -    priv->deviceid = deviceid;
> -    priv->value_less = priv->value_greater = NULL;
> +    if (idle_time_counter != NULL) {
> +        IdleCounterPriv *priv = malloc(sizeof(IdleCounterPriv));
>  
> -    idle_time_counter->pSysCounterInfo->private = priv;
> +        priv->value_less = priv->value_greater = NULL;
> +        priv->deviceid = deviceid;
> +
> +        idle_time_counter->pSysCounterInfo->private = priv;
> +    }
>  
>      return idle_time_counter;
>  }
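Review bot: the new `malloc(sizeof(IdleCounterPriv))` inside the `if (idle_time_counter != NULL)` block is itself unchecked, so on allocation failure the very next line, `priv->value_less = priv->value_greater = NULL;`, dereferences a null pointer, which is the same defect class this patch sets out to remove. Suggest testing `priv` for NULL before the assignments and handling the failure explicitly (for example, returning NULL after releasing the counter just created, so the caller sees a single failure mode) rather than leaving a second unchecked allocation on the path that was just hardened. Minor: swapping the order of the `deviceid` and `value_less`/`value_greater` assignments is unrelated churn that makes the hunk harder to read.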
> -- 
> 1.7.9.2

looks good, but if you return NULL, device->idle_counter may end up NULL, so
we need at least a check for that in SyncRemoveDeviceIdleTime().

with that, Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>

Cheers,
   Peter
