diff options
| author | José Expósito <jexposit@redhat.com> | 2024-04-30 16:37:21 +0200 |
|---|---|---|
| committer | Marge Bot <emma+marge@anholt.net> | 2024-05-07 08:54:50 +0000 |
| commit | 4f5541193dd5a004ed5ea44c12fc25e227113c9b (patch) | |
| tree | c8b2095b5049e04449161309e060a745bccae583 /modules | |
| parent | 90b8fc65da1e773b0091a50be46b23609591e8b7 (diff) | |
Fix use of uninitialized variable in _XimTriggerNotify
`_XimRead()` is being called with `reply` as target buffer instead of
using `preply`, accessing uninitialized memory a few lines later.
This error has been found by a static analysis tool. This is the report:
Error: UNINIT (CWE-457):
libX11-1.8.7/modules/im/ximcp/imDefLkup.c:561: alloc_fn:
Calling "malloc" which returns uninitialized memory.
libX11-1.8.7/modules/im/ximcp/imDefLkup.c:561: assign:
Assigning: "preply" = "malloc((size_t)((len == 0) ? 1 : len))",
which points to uninitialized data.
libX11-1.8.7/modules/im/ximcp/imDefLkup.c:573: uninit_use:
Using uninitialized value "*((CARD8 *)preply)".
# 571| }
# 572| buf_s = (CARD16 *)((char *)preply + XIM_HEADER_SIZE);
# 573|-> if (*((CARD8 *)preply) == XIM_ERROR) {
# 574| _XimProcError(im, 0, (XPointer)&buf_s[3]);
# 575| if(reply != preply)
Signed-off-by: José Expósito <jexposit@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/250>
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/im/ximcp/imDefLkup.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/im/ximcp/imDefLkup.c b/modules/im/ximcp/imDefLkup.c index 2e53ab23..8ccaee26 100644 --- a/modules/im/ximcp/imDefLkup.c +++ b/modules/im/ximcp/imDefLkup.c @@ -635,7 +635,7 @@ _XimTriggerNotify( } else { buf_size = len; preply = Xmalloc(len); - ret_code = _XimRead(im, &len, (XPointer)reply, buf_size, + ret_code = _XimRead(im, &len, preply, buf_size, _XimTriggerNotifyCheck, (XPointer)ic); if(ret_code != XIM_TRUE) { Xfree(preply); |