diff --git a/Xext/xf86bigfont.c b/Xext/xf86bigfont.c index e7cc99fd9..13ac685ed 100644 --- a/Xext/xf86bigfont.c +++ b/Xext/xf86bigfont.c @@ -530,59 +530,60 @@ ProcXF86BigfontQueryFont(ClientPtr client) { int nfontprops = pFont->info.nprops; - int rlength = nfontprops * sizeof(xFontProp) + int rlength = sizeof(xXF86BigfontQueryFontReply) + + nfontprops * sizeof(xFontProp) + (nCharInfos > 0 && shmid == -1 ? nUniqCharInfos * sizeof(xCharInfo) + (nCharInfos + 1) / 2 * 2 * sizeof(CARD16) : 0); + xXF86BigfontQueryFontReply *reply = calloc(1, rlength); + char *p; - xXF86BigfontQueryFontReply rep = { - .type = X_Reply; - .length = bytes_to_int32(buflength), - .sequenceNumber = client->sequence, - .minBounds = pFont->info.ink_minbounds, - .maxBounds = pFont->info.ink_maxbounds, - .minCharOrByte2 = pFont->info.firstCol, - .maxCharOrByte2 = pFont->info.lastCol, - .defaultChar = pFont->info.defaultCh, - .nFontProps = pFont->info.nprops, - .drawDirection = pFont->info.drawDirection, - .minByte1 = pFont->info.firstRow, - .maxByte1 = pFont->info.lastRow, - .allCharsExist = pFont->info.allExist, - .fontAscent = pFont->info.fontAscent, - .fontDescent = pFont->info.fontDescent, - .nCharInfos = nCharInfos, - .nUniqCharInfos = nUniqCharInfos, - .shmid = shmid, - }; - + if (!reply) { + if (nCharInfos > 0) { + if (shmid == -1) + free(pIndex2UniqIndex); + if (!pDesc) + free(pCI); + } + return BadAlloc; + } + reply->type = X_Reply; + reply->length = bytes_to_int32(rlength - sizeof(xGenericReply)); + reply->sequenceNumber = client->sequence; + reply->minBounds = pFont->info.ink_minbounds; + reply->maxBounds = pFont->info.ink_maxbounds; + reply->minCharOrByte2 = pFont->info.firstCol; + reply->maxCharOrByte2 = pFont->info.lastCol; + reply->defaultChar = pFont->info.defaultCh; + reply->nFontProps = pFont->info.nprops; + reply->drawDirection = pFont->info.drawDirection; + reply->minByte1 = pFont->info.firstRow; + reply->maxByte1 = pFont->info.lastRow; + reply->allCharsExist = pFont->info.allExist; + reply->fontAscent = pFont->info.fontAscent; + reply->fontDescent = pFont->info.fontDescent; + reply->nCharInfos = nCharInfos; + reply->nUniqCharInfos = nUniqCharInfos; + reply->shmid = shmid; + reply->shmsegoffset = 0; if (client->swapped) { - swaps(&rep.sequenceNumber); - swapl(&rep.length); - swapCharInfo(&rep.minBounds); - swapCharInfo(&rep.maxBounds); - swaps(&rep.minCharOrByte2); - swaps(&rep.maxCharOrByte2); - swaps(&rep.defaultChar); - swaps(&rep.nFontProps); - swaps(&rep.fontAscent); - swaps(&rep.fontDescent); - swapl(&rep.nCharInfos); - swapl(&rep.nUniqCharInfos); - swapl(&rep.shmid); - swapl(&rep.shmsegoffset); + swaps(&reply->sequenceNumber); + swapl(&reply->length); + swapCharInfo(&reply->minBounds); + swapCharInfo(&reply->maxBounds); + swaps(&reply->minCharOrByte2); + swaps(&reply->maxCharOrByte2); + swaps(&reply->defaultChar); + swaps(&reply->nFontProps); + swaps(&reply->fontAscent); + swaps(&reply->fontDescent); + swapl(&reply->nCharInfos); + swapl(&reply->nUniqCharInfos); + swapl(&reply->shmid); + swapl(&reply->shmsegoffset); } - - int rc = Success; - char *buf = calloc(1, rlength); - if (!buf) { - rc = BadAlloc; - goto out; - } - - char *p = buf; - + p = (char *) &reply[1]; { FontPropPtr pFP; xFontProp *prFP; @@ -618,18 +619,15 @@ ProcXF86BigfontQueryFont(ClientPtr client) } } } - - WriteToClient(client, sizeof(xXF86BigfontQueryFontReply), &rep); - WriteToClient(client, rlength, buf); - free(buf); -out: + WriteToClient(client, rlength, reply); + free(reply); if (nCharInfos > 0) { if (shmid == -1) free(pIndex2UniqIndex); if (!pDesc) free(pCI); } - return rc; + return Success; } }