Bug 96814

Summary:

Possible memory leak in cmsProp.c:140

Product:

xorg

Reporter:

Bhavi Dhingra <b.dhingra>

Component:

Lib/Xlib

Assignee:

Xorg Project Team <xorg-team>

Status:

RESOLVED FIXED

QA Contact:

Xorg Project Team <xorg-team>

Severity:

normal

Priority:

medium

Version:

git

Hardware:

All

OS:

Linux (All)

Whiteboard:

i915 platform:

i915 features:

Attachments:

Description	Flags
Patch file	none

Description Bhavi Dhingra 2016-07-05 06:15:29 UTC

Created attachment 124903 [details] [review]
Patch file

In the definition of function 'XGetWindowProperty', if 'reply.format' is
8, 16, or 32, 'Success' is returned. In this case, if 'reply.nItems' is zero,
Xmalloc(1) allocates 1 byte of memory to prop.

Thus at cmsProp.c:140,
 /* xgwp_ret is Success*/ 
 /* format_ret is 8, 16 or 32*/ 
 /* nitems_ret is zero */  
if (xgwp_ret != Success || format_ret == 0 || nitems_ret == 0) {
	/* the property does not exist or is of an unexpected type or
           getting window property failed */
	return(XcmsFailure);
    }

Hence, memory allocated to prop_ret should be freed.

Assumption: In function 'XGetWindowProperty', 
            'reply.nItems' can be zero when 'reply.format' is valid.

Comment 1 Alan Coopersmith 2018-03-24 18:16:25 UTC

Thanks for the fix, pushed to git master:
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=50a5a98984097d614227d22a49265e12b172cac7

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.