From f67a87dad40141f50f4da35b28a92a974bfdf7e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?=
Date: Tue, 30 Apr 2024 18:04:35 +0200
Subject: [PATCH 5/6] Fix memory leak in _XimProtoSetIMValues
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This error has been found by a static analysis tool. This is the report:

Error: RESOURCE_LEAK (CWE-772):
libX11-1.8.7/modules/im/ximcp/imDefIm.c:1316: alloc_fn: Storage is returned from allocation function "calloc".
libX11-1.8.7/modules/im/ximcp/imDefIm.c:1316: var_assign: Assigning: "tmp" = storage returned from "calloc((size_t)((buf_size + data_len == 0) ? 1 : (buf_size + data_len)), 1UL)".
libX11-1.8.7/modules/im/ximcp/imDefIm.c:1319: noescape: Resource "tmp" is not freed or pointed-to in "memcpy".
libX11-1.8.7/modules/im/ximcp/imDefIm.c:1320: var_assign: Assigning: "buf" = "tmp".
libX11-1.8.7/modules/im/ximcp/imDefIm.c:1302: var_assign: Assigning: "data" = "buf".
libX11-1.8.7/modules/im/ximcp/imDefIm.c:1303: noescape: Resource "data" is not freed or pointed-to in "_XimEncodeIMATTRIBUTE".
libX11-1.8.7/modules/im/ximcp/imDefIm.c:1333: leaked_storage: Variable "data" going out of scope leaks the storage it points to.
libX11-1.8.7/modules/im/ximcp/imDefIm.c:1333: leaked_storage: Variable "buf" going out of scope leaks the storage it points to.
libX11-1.8.7/modules/im/ximcp/imDefIm.c:1333: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to.
# 1331|
# 1332| if (!total)
# 1333|-> return (char *)NULL;
# 1334|
# 1335| buf_s = (CARD16 *)&buf[XIM_HEADER_SIZE];

Signed-off-by: José Expósito
Part-of:
---
 modules/im/ximcp/imDefIm.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/im/ximcp/imDefIm.c b/modules/im/ximcp/imDefIm.c
index a12d2970..e3075398 100644
--- a/modules/im/ximcp/imDefIm.c
+++ b/modules/im/ximcp/imDefIm.c
@@ -1327,8 +1327,11 @@ _XimProtoSetIMValues(
 }
 _XimSetCurrentIMValues(im, &im_values);
 
- if (!total)
- return (char *)NULL;
+ if (!total) {
+ if (buf != tmp_buf)
+ Xfree(buf);
+ return (char *)NULL;
+ }
 
 buf_s = (CARD16 *)&buf[XIM_HEADER_SIZE];
 buf_s[0] = im->private.proto.imid;
-- 
2.45.2
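Review bot: The `buf != tmp_buf` guard in the new `if (!total)` branch relies on an ownership rule that nothing in the hunk states. Going by the report in the commit message, `buf` points to heap storage only after the `calloc` at line 1316 has replaced it; before that it presumably still refers to the fixed buffer `tmp_buf`, which must never reach `Xfree`. A one-line comment above the guard would keep a later edit from dropping or inverting it, for example `/* buf is heap-allocated only once it has outgrown tmp_buf */`. The body of `_XimProtoSetIMValues` starts before and continues after this hunk, so the remaining return paths are not visible here and should be checked for the same release. If several of them repeat the guard, a single cleanup label would keep the free-or-not decision in one place.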