Bug 96814 - Possible memory leak in cmsProp.c:140
Summary: Possible memory leak in cmsProp.c:140
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Lib/Xlib (show other bugs)
Version: git
Hardware: All Linux (All)
: medium normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-05 06:15 UTC by Bhavi Dhingra
Modified: 2018-03-24 18:16 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
Patch file (389 bytes, patch)
2016-07-05 06:15 UTC, Bhavi Dhingra 		no flags Details | Splinter Review
View All

Description Bhavi Dhingra 2016-07-05 06:15:29 UTC 
Created attachment 124903 [details] [review]
Patch file

In the definition of function 'XGetWindowProperty', if 'reply.format' is
8, 16, or 32, 'Success' is returned. In this case, if 'reply.nItems' is zero,
Xmalloc(1) allocates 1 byte of memory to prop.

Thus at cmsProp.c:140,
 /* xgwp_ret is Success*/ 
 /* format_ret is 8, 16 or 32*/ 
 /* nitems_ret is zero */  
if (xgwp_ret != Success || format_ret == 0 || nitems_ret == 0) {
	/* the property does not exist or is of an unexpected type or
           getting window property failed */
	return(XcmsFailure);
    }

Hence, memory allocated to prop_ret should be freed.

Assumption: In function 'XGetWindowProperty', 
            'reply.nItems' can be zero when 'reply.format' is valid.
Comment 1 Alan Coopersmith 2018-03-24 18:16:25 UTC 
Thanks for the fix, pushed to git master:
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=50a5a98984097d614227d22a49265e12b172cac7

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.