On Tue, 22 Apr 2014 01:54:03 +0000
"Bryce W. Harrington" <[email protected]> wrote:
> Most zalloc calls in weston are checked, this fixes a handful that were
> being ignored. As found by `grep -EIsr "[^x]zalloc\(" . -A1`
>
> Update: Drop the chunk in screen-share.c; Hardening already fixed the
> zalloc check in commit e57d1f21.
>
> Signed-off-by: Bryce Harrington <[email protected]>
> ---
> src/compositor-wayland.c | 6 ++++++
> src/libinput-seat.c | 2 +-
> src/screenshooter.c | 33 ++++++++++++++++++++-------------
> src/udev-seat.c | 2 +-
> 4 files changed, 28 insertions(+), 15 deletions(-)
>
> diff --git a/src/compositor-wayland.c b/src/compositor-wayland.c
> index f35db9c..67f15be 100644
> --- a/src/compositor-wayland.c
> +++ b/src/compositor-wayland.c
> @@ -256,6 +256,12 @@ wayland_output_get_shm_buffer(struct wayland_output
> *output)
> }
>
> sb = zalloc(sizeof *sb);
> + if (sb == NULL) {
> + weston_log("could not zalloc %ld memory for sb: %m\n", sizeof
> *sb);
> + close(fd);
> + free(data);
> + return NULL;
> + }
>
> sb->output = output;
> wl_list_init(&sb->free_link);
> diff --git a/src/libinput-seat.c b/src/libinput-seat.c
> index 8bf538c..acb29d7 100644
> --- a/src/libinput-seat.c
> +++ b/src/libinput-seat.c
> @@ -330,9 +330,9 @@ udev_seat_create(struct udev_input *input, const char
> *seat_name)
> struct udev_seat *seat;
>
> seat = zalloc(sizeof *seat);
> -
> if (!seat)
> return NULL;
> +
> weston_seat_init(&seat->base, c, seat_name);
> seat->base.led_update = udev_seat_led_update;
>
> diff --git a/src/screenshooter.c b/src/screenshooter.c
> index 02146c8..369e920 100644
> --- a/src/screenshooter.c
> +++ b/src/screenshooter.c
> @@ -450,6 +450,17 @@ weston_recorder_frame_notify(struct wl_listener
> *listener, void *data)
> }
>
> static void
> +weston_recorder_free(struct weston_recorder *recorder)
> +{
> + if (recorder == NULL)
> + return;
> + free(recorder->rect);
> + free(recorder->tmpbuf);
> + free(recorder->frame);
> + free(recorder);
> +}
> +
> +static void
> weston_recorder_create(struct weston_output *output, const char *filename)
> {
> struct weston_compositor *compositor = output->compositor;
> @@ -461,7 +472,6 @@ weston_recorder_create(struct weston_output *output,
> const char *filename)
> do_yflip = !!(compositor->capabilities & WESTON_CAP_CAPTURE_YFLIP);
>
> recorder = malloc(sizeof *recorder);
> -
> if (recorder == NULL) {
> weston_log("%s: out of memory\n", __func__);
> return;
> @@ -476,6 +486,12 @@ weston_recorder_create(struct weston_output *output,
> const char *filename)
> recorder->destroying = 0;
> recorder->output = output;
>
> + if ((recorder->frame == NULL) || (recorder->rect == NULL)) {
> + weston_log("%s: out of memory\n", __func__);
> + weston_recorder_free(recorder);
> + return;
> + }
> +
> if (do_yflip)
> recorder->tmpbuf = NULL;
> else
> @@ -493,10 +509,7 @@ weston_recorder_create(struct weston_output *output,
> const char *filename)
> break;
> default:
> weston_log("unknown recorder format\n");
> - free(recorder->rect);
> - free(recorder->tmpbuf);
> - free(recorder->frame);
> - free(recorder);
> + weston_recorder_free(recorder);
> return;
> }
>
> @@ -505,10 +518,7 @@ weston_recorder_create(struct weston_output *output,
> const char *filename)
>
> if (recorder->fd < 0) {
> weston_log("problem opening output file %s: %m\n", filename);
> - free(recorder->rect);
> - free(recorder->tmpbuf);
> - free(recorder->frame);
> - free(recorder);
> + weston_recorder_free(recorder);
> return;
> }
>
> @@ -527,11 +537,8 @@ weston_recorder_destroy(struct weston_recorder *recorder)
> {
> wl_list_remove(&recorder->frame_listener.link);
> close(recorder->fd);
> - free(recorder->tmpbuf);
> - free(recorder->frame);
> - free(recorder->rect);
> recorder->output->disable_planes--;
> - free(recorder);
> + weston_recorder_free(recorder);
> }
>
> static void
> diff --git a/src/udev-seat.c b/src/udev-seat.c
> index 5e018de..cd2f6a9 100644
> --- a/src/udev-seat.c
> +++ b/src/udev-seat.c
> @@ -373,9 +373,9 @@ udev_seat_create(struct udev_input *input, const char
> *seat_name)
> struct udev_seat *seat;
>
> seat = zalloc(sizeof *seat);
> -
> if (!seat)
> return NULL;
> +
> weston_seat_init(&seat->base, c, seat_name);
> seat->base.led_update = drm_led_update;
>
Patches 1 and 2 seem fine to me.
Thanks,
pq
_______________________________________________
wayland-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/wayland-devel
