[PATCH 2/3] GrabDevice() needs to handle NULL return value from AllocGrab()
Alan Coopersmith
alan.coopersmith at oracle.com
Mon Jan 6 17:10:39 PST 2014
GrabDevice() calls AllocGrab() which can fail and return NULL.
This return value is not checked, and can cause NULL pointer dereferences.
Reported-by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
dix/events.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dix/events.c b/dix/events.c
index 4aaa54c..2f0605e 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -5051,7 +5051,7 @@ ProcUngrabPointer(ClientPtr client)
* @param other_mode GrabModeSync or GrabModeAsync
* @param status Return code to be returned to the caller.
*
- * @returns Success or BadValue.
+ * @returns Success or BadValue or BadAlloc.
*/
int
GrabDevice(ClientPtr client, DeviceIntPtr dev,
@@ -5132,6 +5132,8 @@ GrabDevice(ClientPtr client, DeviceIntPtr dev,
GrabPtr tempGrab;
tempGrab = AllocGrab(NULL);
+ if (tempGrab == NULL)
+ return BadAlloc;
tempGrab->next = NULL;
tempGrab->window = pWin;
--
1.7.9.2
More information about the xorg-devel
mailing list