[PATCH:libX11] Bug 93184: read_EncodingInfo invalid free
walter harms
wharms at bfs.de
Fri Dec 4 00:05:54 PST 2015
Am 04.12.2015 08:30, schrieb Alan Coopersmith:
> Free the correct bits of memory if we run out and need to unwind
>
> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=93184
> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
> ---
> modules/om/generic/omGeneric.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c
> index 610361b..724f47e 100644
> --- a/modules/om/generic/omGeneric.c
> +++ b/modules/om/generic/omGeneric.c
> @@ -1877,13 +1877,13 @@ read_EncodingInfo(
> {
> FontData font_data,ret;
> char *buf, *bufptr,*scp;
> - int len;
> + int len, i;
> font_data = Xcalloc(count, sizeof(FontDataRec));
> if (font_data == NULL)
> return NULL;
>
> ret = font_data;
> - for ( ; count-- > 0; font_data++) {
> + for (i = 0; i < count; i++, font_data++) {
> /*
> strcpy(buf, *value++);
> */
> @@ -1895,7 +1895,8 @@ read_EncodingInfo(
> len = strlen(buf);
> font_data->name = Xmalloc(len + 1);
> if (font_data->name == NULL) {
> - Xfree(font_data);
> + free_fontdataOM(ret, i + 1);
> + Xfree(ret);
> return NULL;
> }
> strncpy(font_data->name, buf,len);
could you also replace strlen+malloc+strncopy with strdup() ?
re,
wh
More information about the xorg-devel
mailing list