Fix does one byte of memory allocation for null termination of string.
https://bugs.freedesktop.org/show_bug.cgi?id=90857
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
When parsing cursor files, a user defined (e.g. through environment
variables) cursor file is opened and parsed.
The header is read in _XcursorReadFileHeader(), which reads an unsigned
int for the number of toc structures in the header, but it was being
passed to _XcursorFileHeaderCreate() as a signed int to allocate those
structures. If the number was negative, it would pass the bounds check
and could overflow the calculation for how much memory to allocate to
store the data being read, leading to overflowing the buffer with the
data read from the user controlled file.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
- Support for the long-deprecated INCLUDES variable will be removed
altogether in Automake 1.14. The AM_CPPFLAGS variable should be
used instead.
This variable was deprecated in Automake releases prior to 1.10, which is
the current minimum level required to build X.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Error: Null pointer dereference (CWE 476)
Read from null pointer 'info'
at line 615 of src/cursor.c in function 'XcursorImageLoadCursor'.
Function '_XcursorGetDisplayInfo' may return constant 'NULL' at line 134, called at line 597.
Null pointer introduced at line 134 of src/display.c in function '_XcursorGetDisplayInfo'.
[ This bug was found by the Parfait 0.3.7 bug checking tool.
For more information see http://labs.oracle.com/projects/parfait/ ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Error: Memory leak (CWE 401)
Memory leak of pointer 'comments' allocated with XcursorCommentsCreate(0)
at line 982 of src/file.c in function 'XcursorFileSaveImages'.
'comments' allocated at line 978 with XcursorCommentsCreate(0).
comments leaks when comments != 0 at line 981.
[ This bug was found by the Parfait 0.3.7 bug checking tool.
For more information see http://labs.oracle.com/projects/parfait/ ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Performed with: find * -type f | xargs perl -i -p -e 's{\s+$}{\n}'
git diff -w & git diff -b show no diffs from this change
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Clears Sun compiler warnings from shifting 8 bits by 24 bits:
"cursor.c", line 215: warning: integer overflow detected: op "<<"
"cursor.c", line 280: warning: integer overflow detected: op "<<"
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Previously it would either div-zero or get stuck in a loop until int overflow
if called with a bad value.
cursor.c:214:32: warning: Division by zero
return (0xff << 24) | ((red/npixels) << 16) | ((green/npixels) << 8) | (blue/npixels);
Found-by: clang static analyzer
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
We freed the parent structure without freeing the list contained within,
making valgrind unhappy.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Compiler warning flags should be explicitly set in the makefile
rather than being merged with other packages compiler flags.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
This means the compiler doesn't need to place the array in the
read-write sections of the DSO, which means less relocations
when the library is loaded and a smaller memory footprint.
