diff options
| author | Stuart Kreitman <stuart.kreitman@sun.com> | 2004-04-02 06:31:37 +0000 |
|---|---|---|
| committer | Stuart Kreitman <stuart.kreitman@sun.com> | 2004-04-02 06:31:37 +0000 |
| commit | ca9818d109e53e87d725e7dd53b905c8ccda63b6 (patch) | |
| tree | 45821915ba4c7319515f6cfb18240224aaa8a14a | |
| parent | d7684c666fe80626ffdcad25b155b057653edfc2 (diff) | |
Memory overrun due to incomplete implementation of saveSetElt dataDAMAGE-XFIXES
structure
Modified Files: Tag: DAMAGE-XFIXES window.c dixutils.c
| -rw-r--r-- | dix/dixutils.c | 21 | ||||
| -rw-r--r-- | dix/window.c | 4 |
2 files changed, 22 insertions, 3 deletions
diff --git a/dix/dixutils.c b/dix/dixutils.c index 7c2fe09e3..4acb8c532 100644 --- a/dix/dixutils.c +++ b/dix/dixutils.c @@ -353,7 +353,11 @@ AlterSaveSetForClient(ClientPtr client, Bool remap) { int numnow; +#ifdef XFIXES + SaveSetElt *pTmp = NULL; +#else pointer *pTmp = NULL; +#endif int j; numnow = client->numSaved; @@ -361,7 +365,7 @@ AlterSaveSetForClient(ClientPtr client, if (numnow) { pTmp = client->saveSet; - while ((j < numnow) && (pTmp[j] != (pointer)pWin)) + while ((j < numnow) && (SaveSetWindow(pTmp[j]) != (pointer)pWin)) j++; } if (mode == SetModeInsert) @@ -369,7 +373,11 @@ AlterSaveSetForClient(ClientPtr client, if (j < numnow) /* duplicate */ return(Success); numnow++; +#ifdef XFIXES + pTmp = (SaveSetElt *)xrealloc(client->saveSet, sizeof(SaveSetElt) * numnow); +#else pTmp = (pointer *)xrealloc(client->saveSet, sizeof(pointer) * numnow); +#endif if (!pTmp) return(BadAlloc); client->saveSet = pTmp; @@ -389,15 +397,22 @@ AlterSaveSetForClient(ClientPtr client, numnow--; if (numnow) { - pTmp = (pointer *)xrealloc(client->saveSet, - sizeof(pointer) * numnow); +#ifdef XFIXES + pTmp = (SaveSetElt *)xrealloc(client->saveSet, sizeof(SaveSetElt) * numnow); +#else + pTmp = (pointer *)xrealloc(client->saveSet, sizeof(pointer) * numnow); +#endif if (pTmp) client->saveSet = pTmp; } else { xfree(client->saveSet); +#ifdef XFIXES + client->saveSet = (SaveSetElt *)NULL; +#else client->saveSet = (pointer *)NULL; +#endif } client->numSaved = numnow; return(Success); diff --git a/dix/window.c b/dix/window.c index 7aea71e84..59afa0465 100644 --- a/dix/window.c +++ b/dix/window.c @@ -3179,7 +3179,11 @@ HandleSaveSet(client) } xfree(client->saveSet); client->numSaved = 0; +#ifdef XFIXES client->saveSet = (SaveSetElt *)NULL; +#else + client->saveSet = (pointer *)NULL; +#endif } Bool |