[PATCH:libX11] Bug 93184: read_EncodingInfo invalid free
walter harms
wharms at bfs.de
Fri Dec 4 01:21:55 PST 2015
Am 04.12.2015 09:40, schrieb Alan Coopersmith:
> On 12/ 4/15 12:05 AM, walter harms wrote:
>> Am 04.12.2015 08:30, schrieb Alan Coopersmith:
>>> @@ -1895,7 +1895,8 @@ read_EncodingInfo(
>>> len = strlen(buf);
>>> font_data->name = Xmalloc(len + 1);
>>> if (font_data->name == NULL) {
>>> - Xfree(font_data);
>>> + free_fontdataOM(ret, i + 1);
>>> + Xfree(ret);
>>> return NULL;
>>> }
>>> strncpy(font_data->name, buf,len);
>>
>>
>> could you also replace strlen+malloc+strncopy with strdup() ?
>
> Not in this case without rewriting the code paths more - the missing
> context here is:
>
> if ((bufptr = strchr(buf, ':'))) {
> len = (int)(bufptr - buf);
> bufptr++ ;
> } else
> len = strlen(buf);
> font_data->name = Xmalloc(len + 1);
> if (font_data->name == NULL) {
> free_fontdataOM(ret, i + 1);
> Xfree(ret);
> return NULL;
> }
> strncpy(font_data->name, buf,len);
> font_data->name[len] = 0;
>
> Maybe could do something like
> if (... strchr ...)
> font_data->name = strndup
> else
> font_data->name = strdup
>
> but that sounds like something to keep to a separate patch.
>
yes, NTL i suggest a FIXME comment here :)
re,
wh
More information about the xorg-devel
mailing list