[PATCH app/twm 1/2] When replacing a colormap, free old map, not new one
Alan Coopersmith
alan.coopersmith at oracle.com
Sun Sep 30 21:44:35 UTC 2018
Found by Oracle's Parfait 2.2 static analyzer:
Error: Use after free
Use after free [use-after-free] (CWE 416):
Use after free of pointer Scr
at line 421 of src/util.c in function 'InsertRGBColormap'.
Invalid pointer accessible via global Scr at line 105 of src/twm.c
maps escapes to sc->maps at line 419 of src/util.c in function 'InsertRGBColormap'
maps freed with XFree at line 406
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
src/util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util.c b/src/util.c
index 8e9dab9..e254cd5 100644
--- a/src/util.c
+++ b/src/util.c
@@ -403,7 +403,7 @@ InsertRGBColormap (Atom a, XStandardColormap *maps, int nmaps, Bool replace)
}
if (replace) { /* just update contents */
- if (sc->maps) XFree (maps);
+ if (sc->maps) XFree (sc->maps);
if (sc == Scr->StdCmapInfo.mru) Scr->StdCmapInfo.mru = NULL;
} else { /* else appending */
sc->next = NULL;
--
2.15.2
More information about the xorg-devel
mailing list