http://www.google.com/codesearch?hl=en&q=_XConnectXCB+show:Msehaq5JPo8:IlPxvTnbrRo:uM-ph63AD7E&sa=N&cd=1&ct=rc&cs_p=http://ftp.osuosl.org/pub/nslu2/sources/x11-6.2.1%2Bcvs20050209.tar.gz&cs_f=X11/src/xcl/display.c#l79 please excuse the code reference if it isn't current. my starting point was this: http://mxr.maemo.org/diablo/source/libx11-1.1.1/src/xcb_disp.c?mark=70-71#52 and i tried to find an lxr for upstream, but failed, i've pinged daniels about helping. int _XConnectXCB(Display *dpy, _Xconst char *display, char **fullnamep, int *screenp) ... dpy->xcl = Xcalloc(1, sizeof(XCLPrivate)); if(!dpy->xcl) return 0; -- so, you do check allocs -- *fullnamep = Xmalloc(len); -- you didn't check this alloc -- snprintf(*fullnamep, len, "%s:%d.%d", host, n, *screenp); -- this will crash -- I don't understand the xcb versioning, so please excuse me if i got it wrong.
commit 990e71361d1d7b79bf07b1dc93e4e905d4f1bdaf Author: Julien Cristau <jcristau@debian.org> Date: Tue Feb 17 15:23:40 2009 +0100 Check Xmalloc return value in _XConnectXCB X.Org bug#19137 <http://bugs.freedesktop.org/show_bug.cgi?id=19137> Signed-off-by: Julien Cristau <jcristau@debian.org>
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.