diff options
author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2024-10-12 16:38:55 -0700 |
---|---|---|
committer | Marge Bot <emma+marge@anholt.net> | 2024-10-28 05:38:25 +0000 |
commit | 7af077dd2f939b76e7d6ba84250368b6649fb777 (patch) | |
tree | 174e55e34e5967401e9580010cbca1db0497a90f /render | |
parent | d10589cc09c68ad09bebd3a4155c44d1b8f2614b (diff) |
render: avoid NULL pointer dereference if PictureFindVisual returns NULL
Found by Oracle Parfait 13.3:
Null pointer dereference [null-pointer-deref]:
Read from null pointer pVisual
at line 257 of dix/colormap.c in function 'CreateColormap'.
Null pointer introduced at line 412 of render/picture.c in
function 'PictureFindVisual'.
Constant 'NULL' passed into function CreateColormap, argument
pVisual, from call at line 431 in function
'PictureInitIndexedFormat'.
Function PictureFindVisual may return constant 'NULL' at
line 412, called at line 429.
Fixes: d4a101d4e ("Integration of DAMAGE-XFIXES branch to trunk")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1730>
Diffstat (limited to 'render')
-rw-r--r-- | render/picture.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/render/picture.c b/render/picture.c index c55dcd84e..dd31f2bb9 100644 --- a/render/picture.c +++ b/render/picture.c @@ -429,6 +429,9 @@ PictureInitIndexedFormat(ScreenPtr pScreen, PictFormatPtr format) else { VisualPtr pVisual = PictureFindVisual(pScreen, format->index.vid); + if (pVisual == NULL) + return FALSE; + if (CreateColormap(FakeClientID(0), pScreen, pVisual, &format->index.pColormap, AllocNone, 0) != Success) |