xserver/dix
Mikhail Dmitrichenko dd5c2595a4 dix: avoid null ptr deref at doListFontsWithInfo
In the doListFontsWithInfo function in dixfonts.c, when a font alias is
encountered (err == FontNameAlias), the code saves the current state
and allocates memory for c->savedName.

If the malloc(namelen + 1) call fails, c->savedName remains NULL,
but c->haveSaved is still set to TRUE. Later, when a font is
successfully resolved (err == Successful), the code uses c->savedName
without checking if it is NULL, so there is a potential null ptr
dereference. XNFalloc will check the result of malloc and stop
program execution if the allocation failed.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1842
Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2062>
2025-09-20 22:05:27 +00:00
.gitignore Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
atom.c Revert "dix: unexport MakePredeclaredAtoms()" 2025-07-16 17:14:21 -07:00
BuiltInAtoms R6.6 is the Xorg base-line 2003-11-14 15:54:54 +00:00
callback_priv.h dix: fix duplicate typedef of CallbackListPtr 2024-09-01 22:32:49 +00:00
closestr.h dix: move closestr.h into dix directory 2024-04-16 01:42:39 +00:00
color.c dix: drop unnecessary check on HAVE_DIX_CONFIG_H 2024-10-10 13:38:31 +00:00
colormap.c rename old symbol PANORAMIX to XINERAMA 2025-02-06 15:51:27 +00:00
colormap_priv.h Revert "dix: unexport AllocColor()" 2025-06-24 11:23:10 -07:00
cursor.c Revert "dix: unexport cursor refcounting functions" 2025-09-06 17:01:39 +00:00
devices.c Revert "os: move BUG_*() macros to own private header" 2025-06-13 17:13:54 -07:00
dispatch.c Revert "dix: unexport cursor allocation functions" 2025-09-06 17:01:39 +00:00
dispatch.h dix: drop unnecessary check on HAVE_DIX_CONFIG_H 2024-10-10 13:38:31 +00:00
display.c dix: add getter for display name 2025-02-11 19:13:01 +01:00
dix_priv.h Revert "dix: unexport MakePredeclaredAtoms()" 2025-07-16 17:14:21 -07:00
dixfonts.c dix: avoid null ptr deref at doListFontsWithInfo 2025-09-20 22:05:27 +00:00
dixgrabs_priv.h dix: unexport non-public functions from dixgrabs.h and document prototypes 2024-10-10 13:50:57 +00:00
dixstruct_priv.h include: move private defs to dixstruct_priv.h 2024-04-30 00:47:38 +00:00
dixutils.c dix: drop unnecessary check on HAVE_DIX_CONFIG_H 2024-10-10 13:38:31 +00:00
enterleave.c Revert "os: move BUG_*() macros to own private header" 2025-06-13 17:13:54 -07:00
enterleave.h dix: drop unnecessary check on HAVE_DIX_CONFIG_H 2024-10-10 13:38:31 +00:00
eventconvert.c dix: limit checks to MAX_VALUATORS when generating Xi events 2024-10-28 05:38:25 +00:00
eventconvert.h dix: unexport eventconvert.h functions 2024-03-11 12:26:44 +01:00
events.c Revert "dix: unexport cursor refcounting functions" 2025-09-06 17:01:39 +00:00
exevents_priv.h include: move private definitions out of exevents.h 2024-04-30 00:47:38 +00:00
extension.c dix: drop unnecessary check on HAVE_DIX_CONFIG_H 2024-10-10 13:38:31 +00:00
gc.c Revert "dix: use dixDestroyPixmap() instead of direct driver call" 2025-06-17 20:02:16 +00:00
gc_priv.h dix: unexport SetClipRects() 2024-04-15 23:10:31 +00:00
gestures.c Revert "os: move BUG_*() macros to own private header" 2025-06-13 17:13:54 -07:00
getevents.c Revert "os: log: replace ErrorFSigSafe() by ErrorF()" 2025-06-24 23:40:50 +00:00
globals.c Revert "dix: unexport rootCursor" 2025-09-06 17:01:39 +00:00
glyphcurs.c Revert "dix: unexport ServerBitsFromGlyph()" 2025-09-06 17:01:38 +00:00
grabs.c Revert "dix: unexport cursor refcounting functions" 2025-09-06 17:01:39 +00:00
initatoms.c Revert "dix: generate MakePredeclaredAtoms() from BuiltInAtoms file" 2025-07-16 17:14:51 -07:00
input_priv.h dix: fix warning on redefinition of typedefs 2025-05-18 17:35:31 +00:00
inpututils.c Revert "os: move BUG_*() macros to own private header" 2025-06-13 17:13:54 -07:00
main.c Revert "dix: unexport rootCursor" 2025-09-06 17:01:39 +00:00
meson.build Revert "dix: generate MakePredeclaredAtoms() from BuiltInAtoms file" 2025-07-16 17:14:51 -07:00
pixmap.c Revert "dix: use dixDestroyPixmap() instead of direct driver call" 2025-06-17 20:02:16 +00:00
privates.c dix: drop unnecessary check on HAVE_DIX_CONFIG_H 2024-10-10 13:38:31 +00:00
property.c dix: drop unnecessary check on HAVE_DIX_CONFIG_H 2024-10-10 13:38:31 +00:00
property_priv.h dix: unexport DeleteAllWindowProperties() 2024-09-02 17:50:47 +00:00
protocol.txt drop remains of DMX 2024-03-05 16:57:52 +01:00
ptrveloc.c Revert "os: log: replace ErrorFSigSafe() by ErrorF()" 2025-06-24 23:40:50 +00:00
ptrveloc_priv.h dix: fix duplicate typedef of MotionTracker and *MotionTrackerPtr 2024-09-01 22:32:49 +00:00
region.c dix: drop unnecessary check on HAVE_DIX_CONFIG_H 2024-10-10 13:38:31 +00:00
registry.c dix: drop unnecessary check on HAVE_DIX_CONFIG_H 2024-10-10 13:38:31 +00:00
registry_priv.h dix: unexport XREGISTRY_UNKNOWN define 2024-03-03 23:20:06 +00:00
resource.c rename old symbol PANORAMIX to XINERAMA 2025-02-06 15:51:27 +00:00
screenint_priv.h dix: fix duplicate typedef of *ScreenPtr 2024-09-01 22:32:49 +00:00
selection.c dix: drop unnecessary check on HAVE_DIX_CONFIG_H 2024-10-10 13:38:31 +00:00
stubmain.c Allow DDX to provide a main() 2013-07-23 23:56:58 +01:00
swaprep.c dix: drop unnecessary check on HAVE_DIX_CONFIG_H 2024-10-10 13:38:31 +00:00
swapreq.c Revert "misc.h: drop LengthRestB() macro" 2025-06-13 22:30:27 +00:00
tables.c dix: tables.c should include header that defines InitialVector 2025-04-19 17:02:15 +00:00
touch.c Revert "os: move BUG_*() macros to own private header" 2025-06-13 17:13:54 -07:00
window.c Revert "dix: unexport rootCursor" 2025-09-06 17:01:39 +00:00