rpms/libX11
7
0
Fork 0
Code Issues Pull Requests Releases Activity
403255c136
libX11/0002-Fix-use-of-uninitialized-variable-in-_XimExtension.patch

50 lines
1.9 KiB
Diff
Raw Blame History

From eaad761e24722b1743d3edee3383294bfb4947d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jexposit@redhat.com>
Date: Tue, 30 Apr 2024 16:41:40 +0200
Subject: [PATCH 2/6] Fix use of uninitialized variable in _XimExtension
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
`_XimRead()` is being called with `reply` as target buffer instead of
using `preply`, accessing uninitialized memory a few lines later.
This error has been found by a static analysis tool. This is the report:
Error: UNINIT (CWE-457):
libX11-1.8.7/modules/im/ximcp/imExten.c:468: alloc_fn:
Calling "malloc" which returns uninitialized memory.
libX11-1.8.7/modules/im/ximcp/imExten.c:468: assign:
Assigning: "preply" = "malloc((size_t)((buf_size == 0) ? 1 : buf_size))",
which points to uninitialized data.
libX11-1.8.7/modules/im/ximcp/imExten.c:479: uninit_use:
Using uninitialized value "*((CARD8 *)preply)".
# 477| return False;
# 478| buf_s = (CARD16 *)((char *)preply + XIM_HEADER_SIZE);
# 479|-> if (*((CARD8 *)preply) == XIM_ERROR) {
# 480| _XimProcError(im, 0, (XPointer)&buf_s[3]);
# 481| if(reply != preply)
Signed-off-by: José Expósito <jexposit@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/250>
---
modules/im/ximcp/imExten.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/im/ximcp/imExten.c b/modules/im/ximcp/imExten.c
index c2e48a89..a25f00d0 100644
--- a/modules/im/ximcp/imExten.c
+++ b/modules/im/ximcp/imExten.c
@@ -466,7 +466,7 @@ _XimExtension(
} else {
buf_size = len;
preply = Xmalloc(buf_size);
- ret_code = _XimRead(im, &len, reply, buf_size,
+ ret_code = _XimRead(im, &len, preply, buf_size,
_XimQueryExtensionCheck, 0);
if(ret_code != XIM_TRUE) {
Xfree(preply);
--
2.45.2
Reference in New Issue View Git Blame Copy Permalink