1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
From c90f74497dbcb96854346435349c6e2207b530c5 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat, 4 May 2013 21:47:50 -0700
Subject: [PATCH 7/7] Make XRRGet*Property() always initialize returned values
Avoids memory corruption and other errors when callers access them
without checking to see if the calls returned an error value.
Callers are still required to check for errors, this just reduces the
damage when they don't.
(Same as reported against libX11 XGetWindowProperty by Ilja Van Sprundel)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
src/XrrProperty.c | 8 +++++++-
src/XrrProviderProperty.c | 8 +++++++-
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/XrrProperty.c b/src/XrrProperty.c
index 707a28d..2096c56 100644
--- a/src/XrrProperty.c
+++ b/src/XrrProperty.c
@@ -259,6 +259,13 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
xRRGetOutputPropertyReq *req;
unsigned long nbytes, rbytes;
+ /* Always initialize return values, in case callers fail to initialize
+ them and fail to check the return code for an error. */
+ *actual_type = None;
+ *actual_format = 0;
+ *nitems = *bytes_after = 0L;
+ *prop = (unsigned char *) NULL;
+
RRCheckExtension (dpy, info, 1);
LockDisplay (dpy);
@@ -280,7 +287,6 @@ XRRGetOutputProperty (Display *dpy, RROutput output,
return ((xError *)&rep)->errorCode;
}
- *prop = (unsigned char *) NULL;
if (rep.propertyType != None) {
int format = rep.format;
diff --git a/src/XrrProviderProperty.c b/src/XrrProviderProperty.c
index 6989580..34cc082 100644
--- a/src/XrrProviderProperty.c
+++ b/src/XrrProviderProperty.c
@@ -259,6 +259,13 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
xRRGetProviderPropertyReq *req;
unsigned long nbytes, rbytes;
+ /* Always initialize return values, in case callers fail to initialize
+ them and fail to check the return code for an error. */
+ *actual_type = None;
+ *actual_format = 0;
+ *nitems = *bytes_after = 0L;
+ *prop = (unsigned char *) NULL;
+
RRCheckExtension (dpy, info, 1);
LockDisplay (dpy);
@@ -280,7 +287,6 @@ XRRGetProviderProperty (Display *dpy, RRProvider provider,
return ((xError *)&rep)->errorCode;
}
- *prop = (unsigned char *) NULL;
if (rep.propertyType != None) {
int format = rep.format;
--
1.8.2.3
|
