diff options
| author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-01-27 10:06:42 -0800 |
|---|---|---|
| committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-02-05 18:30:10 -0800 |
| commit | f4a9332ad149ed15353a9c482563bdd042d0b403 (patch) | |
| tree | f66560b446886d4b202ab3e8e644ad5cadde768b /Xext/sync.c | |
| parent | 7fe5e6dfa5c1e71d8b7540b28c1d508687a2fbee (diff) | |
Handle failure to create counter in init_system_idle_counter
Check for NULL pointer (which can be returned for multiple reasons)
before trying to dereference it to add privates. To avoid memory leak
in error path, delay malloc of privates until we're ready to add them.
In case we do return NULL up through SyncInitDeviceIdleTime, handle the
possibility of getting NULL passed back down to SyncRemoveDeviceIdleTime.
As reported by parfait 1.1:
Error: Null pointer dereference (CWE 476)
Read from null pointer 'idle_time_counter'
at line 2764 of xserver/Xext/sync.c in function 'init_system_idle_counter'.
Function 'SyncCreateSystemCounter' may return constant 'NULL' at line 952, called at line 2756.
Null pointer introduced at line 952 in function 'SyncCreateSystemCounter'.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Diffstat (limited to 'Xext/sync.c')
| -rw-r--r-- | Xext/sync.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/Xext/sync.c b/Xext/sync.c index 4d11992bb..9ae5b3981 100644 --- a/Xext/sync.c +++ b/Xext/sync.c @@ -2747,7 +2747,6 @@ init_system_idle_counter(const char *name, int deviceid) { CARD64 resolution; XSyncValue idle; - IdleCounterPriv *priv = malloc(sizeof(IdleCounterPriv)); SyncCounter *idle_time_counter; IdleTimeQueryValue(NULL, &idle); @@ -2758,10 +2757,14 @@ init_system_idle_counter(const char *name, int deviceid) IdleTimeQueryValue, IdleTimeBracketValues); - priv->deviceid = deviceid; - priv->value_less = priv->value_greater = NULL; + if (idle_time_counter != NULL) { + IdleCounterPriv *priv = malloc(sizeof(IdleCounterPriv)); - idle_time_counter->pSysCounterInfo->private = priv; + priv->value_less = priv->value_greater = NULL; + priv->deviceid = deviceid; + + idle_time_counter->pSysCounterInfo->private = priv; + } return idle_time_counter; } @@ -2786,6 +2789,6 @@ void SyncRemoveDeviceIdleTime(SyncCounter *counter) /* FreeAllResources() frees all system counters before the devices are shut down, check if there are any left before freeing the device's counter */ - if (!xorg_list_is_empty(&SysCounterList)) + if (counter && !xorg_list_is_empty(&SysCounterList)) xorg_list_del(&counter->pSysCounterInfo->entry); } |