From 47b04195d8a31c8f9e6dd804196162c6cfca3ac6 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Fri, 4 Jun 2010 13:20:17 -0700 Subject: [PATCH] LINEAR_RGB_InitSCCData: When malloc fails, don't try to free unallocated bits One of the malloc failure checks had a goto to the wrong spot in the list of cleanup free() calls to unwind at the end, and was freeing bits that hadn't been initialized/allocated yet, since they would be stored in the struct that just failed to be allocated. Error: Null pointer dereference (CWE 476) Read from pointer that could be constant 'NULL' at line 805 of /export/alanc/X.Org/sx86/lib/libX11/src/xcms/LRGB.c in function 'LINEAR_RGB_InitSCCData'. Pointer checked against constant 'NULL' at line 754 but does not protect the dereference. [ This bug was found by the Parfait bug checking tool. For more information see http://research.sun.com/projects/parfait ] Signed-off-by: Alan Coopersmith --- src/xcms/LRGB.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/xcms/LRGB.c b/src/xcms/LRGB.c index 4e9f029e..2f7a4ccf 100644 --- a/src/xcms/LRGB.c +++ b/src/xcms/LRGB.c @@ -753,7 +753,7 @@ LINEAR_RGB_InitSCCData( /* Blue Intensity Table */ if (!(pScreenData->pBlueTbl = (IntensityTbl *) Xcalloc (1, sizeof(IntensityTbl)))) { - goto FreeBlueTblElements; + goto FreeGreenTblElements; } if (_XcmsGetTableType1(pScreenData->pBlueTbl, format_return, &pChar, &nitems) == XcmsFailure) {