Bug 19137

Summary: unchecked malloc in _XConnectXCB would crash
Product: xorg Reporter: timeless <timeless>
Component: Lib/XlibAssignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED QA Contact: Xorg Project Team <xorg-team>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
URL: http://mxr.maemo.org/diablo/source/libx11-1.1.1/src/xcb_disp.c?mark=70-71#52
Whiteboard:
i915 platform: i915 features:

Description timeless 2008-12-17 07:07:36 UTC 
http://www.google.com/codesearch?hl=en&q=_XConnectXCB+show:Msehaq5JPo8:IlPxvTnbrRo:uM-ph63AD7E&sa=N&cd=1&ct=rc&cs_p=http://ftp.osuosl.org/pub/nslu2/sources/x11-6.2.1%2Bcvs20050209.tar.gz&cs_f=X11/src/xcl/display.c#l79

please excuse the code reference if it isn't current.

my starting point was this:
http://mxr.maemo.org/diablo/source/libx11-1.1.1/src/xcb_disp.c?mark=70-71#52

and i tried to find an lxr for upstream, but failed, i've pinged daniels about helping.


int _XConnectXCB(Display *dpy, _Xconst char *display, char **fullnamep, int *screenp)
...
        dpy->xcl = Xcalloc(1, sizeof(XCLPrivate));
        if(!dpy->xcl)
                return 0;
-- so, you do check allocs --
                *fullnamep = Xmalloc(len);
-- you didn't check this alloc --
                snprintf(*fullnamep, len, "%s:%d.%d", host, n, *screenp);
-- this will crash --

I don't understand the xcb versioning, so please excuse me if i got it wrong.
Comment 1 Julien Cristau 2009-02-17 06:27:33 UTC 
commit 990e71361d1d7b79bf07b1dc93e4e905d4f1bdaf
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Feb 17 15:23:40 2009 +0100

    Check Xmalloc return value in _XConnectXCB
    
    X.Org bug#19137 <http://bugs.freedesktop.org/show_bug.cgi?id=19137>
    
    Signed-off-by: Julien Cristau <jcristau@debian.org>

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.