Re: [PATCH 1/8] Handle failure to create counter in init_system_idle_counter

Mon, 28 Jan 2013 17:50:18 -0800 

On Mon, Jan 28, 2013 at 05:08:35PM -0800, Alan Coopersmith wrote:
> Check for NULL pointer (which can be returned for multiple reasons)
> before trying to dereference it to add privates.   To avoid memory leak
> in error path, delay malloc of privates until we're ready to add them.
> 
> As reported by parfait 1.1:
> Error: Null pointer dereference (CWE 476)
>    Read from null pointer 'idle_time_counter'
>         at line 2764 of xserver/Xext/sync.c in function 
> 'init_system_idle_counter'.
>           Function 'SyncCreateSystemCounter' may return constant 'NULL' at 
> line 952, called at line 2756.
>           Null pointer introduced at line 952 in function 
> 'SyncCreateSystemCounter'.
> 
> Signed-off-by: Alan Coopersmith <[email protected]>
> ---
>  Xext/sync.c |   11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/Xext/sync.c b/Xext/sync.c
> index 4d11992..b48da26 100644
> --- a/Xext/sync.c
> +++ b/Xext/sync.c
> @@ -2747,7 +2747,6 @@ init_system_idle_counter(const char *name, int deviceid)
>  {
>      CARD64 resolution;
>      XSyncValue idle;
> -    IdleCounterPriv *priv = malloc(sizeof(IdleCounterPriv));
>      SyncCounter *idle_time_counter;
>  
>      IdleTimeQueryValue(NULL, &idle);
> @@ -2758,10 +2757,14 @@ init_system_idle_counter(const char *name, int 
> deviceid)
>                                                  IdleTimeQueryValue,
>                                                  IdleTimeBracketValues);
>  
> -    priv->deviceid = deviceid;
> -    priv->value_less = priv->value_greater = NULL;
> +    if (idle_time_counter != NULL) {
> +        IdleCounterPriv *priv = malloc(sizeof(IdleCounterPriv));
>  
> -    idle_time_counter->pSysCounterInfo->private = priv;
> +        priv->value_less = priv->value_greater = NULL;
> +        priv->deviceid = deviceid;
> +
> +        idle_time_counter->pSysCounterInfo->private = priv;
> +    }
>  
>      return idle_time_counter;
>  }
> -- 
> 1.7.9.2

looks good, but if you return NULL, device->idle_counter may end up NULL, so
we need at least a check for that in SyncRemoveDeviceIdleTime().

with that, Reviewed-by: Peter Hutterer <[email protected]>

Cheers,
   Peter

_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel

Reply via email to