Created attachment 24666 [details] [review] Patch to hw/xfree86/parser/Flags.c to prevent crash The xf86 implementation of strdup (xf86configStrdup) would catch the case where the passed char* was NULL, and would return NULL. Under platforms where the standard C library does not make this test (e.g. FreeBSD), this will result in an attempted NULL-pointer dereference, causing the X server to crash. Most places where this was called, the calling code also tested for NULL before calling xf86configStrdup, except in this one case I am attaching a patch to the issue that should restore the behavior using the inline conditional ternary operator.
Thanks for the report & patch - one of our developers also hit this yesterday and pushed essentially the same fix last night: New commits: commit 3a0ee199dcec39596756a995996eac388acf6315 Author: Eamon Walsh <ewalsh@tycho.nsa.gov> Date: Thu Apr 9 02:26:24 2009 -0400 config: fix crash caused by strdup(NULL) diff --git a/hw/xfree86/parser/Flags.c b/hw/xfree86/parser/Flags.c index b4e8d25..6865d35 100644 --- a/hw/xfree86/parser/Flags.c +++ b/hw/xfree86/parser/Flags.c @@ -235,11 +235,12 @@ XF86OptionPtr xf86optionListDup (XF86OptionPtr opt) { XF86OptionPtr newopt = NULL; + char *val; while (opt) { - newopt = xf86addNewOption(newopt, strdup(opt->opt_name), - strdup(opt->opt_val)); + val = opt->opt_val ? strdup(opt->opt_val) : NULL; + newopt = xf86addNewOption(newopt, strdup(opt->opt_name), val); newopt->opt_used = opt->opt_used; if (opt->opt_comment) newopt->opt_comment = strdup(opt->opt_comment);
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.