From ddb8d8945d1f44d16adc366b6612eef20ae813f7 Mon Sep 17 00:00:00 2001 From: Peter Åstrand Date: Fri, 13 Feb 2009 10:23:28 +0100 Subject: xserver: Avoid sending uninitialized padding data over the network Signed-off-by: Peter Hutterer --- Xext/bigreq.c | 1 + Xext/shape.c | 2 ++ Xext/shm.c | 1 + Xext/sync.c | 1 + Xi/getvers.c | 1 + Xi/listdev.c | 3 ++- Xi/opendev.c | 1 + dix/devices.c | 2 ++ dix/dispatch.c | 18 ++++++++++++++---- dix/dixfonts.c | 2 ++ dix/events.c | 10 ++++++++++ dix/extension.c | 4 +++- dix/main.c | 12 ++++++++---- dix/property.c | 2 ++ dix/selection.c | 2 ++ dix/window.c | 17 +++++++++++++++-- mi/miexpose.c | 3 ++- randr/rrxinerama.c | 3 ++- render/render.c | 3 ++- xfixes/select.c | 1 + xfixes/xfixes.c | 1 + xkb/xkb.c | 5 ++++- xkb/xkbEvents.c | 6 ++++++ xkb/xkbUtils.c | 1 + 24 files changed, 86 insertions(+), 16 deletions(-) diff --git a/Xext/bigreq.c b/Xext/bigreq.c index 8857df37e..e50376c6e 100644 --- a/Xext/bigreq.c +++ b/Xext/bigreq.c @@ -64,6 +64,7 @@ ProcBigReqDispatch (ClientPtr client) return BadRequest; REQUEST_SIZE_MATCH(xBigReqEnableReq); client->big_requests = TRUE; + memset(&rep, 0, sizeof(xBigReqEnableReply)); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; diff --git a/Xext/shape.c b/Xext/shape.c index fbf8f8c6d..2a6a38b7d 100644 --- a/Xext/shape.c +++ b/Xext/shape.c @@ -256,6 +256,7 @@ ProcShapeQueryVersion (ClientPtr client) int n; REQUEST_SIZE_MATCH (xShapeQueryVersionReq); + memset(&rep, 0, sizeof(xShapeQueryVersionReply)); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; @@ -682,6 +683,7 @@ ProcShapeQueryExtents (ClientPtr client) rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess); if (rc != Success) return rc; + memset(&rep, 0, sizeof(xShapeQueryExtentsReply)); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; diff --git a/Xext/shm.c b/Xext/shm.c index 7b63484a5..1f963c16c 100644 --- a/Xext/shm.c +++ b/Xext/shm.c @@ -309,6 +309,7 @@ ProcShmQueryVersion(ClientPtr client) int n; REQUEST_SIZE_MATCH(xShmQueryVersionReq); + memset(&rep, 0, sizeof(xShmQueryVersionReply)); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; diff --git a/Xext/sync.c b/Xext/sync.c index 9236fab87..a30895ddf 100644 --- a/Xext/sync.c +++ b/Xext/sync.c @@ -1144,6 +1144,7 @@ ProcSyncInitialize(ClientPtr client) REQUEST_SIZE_MATCH(xSyncInitializeReq); + memset(&rep, 0, sizeof(xSyncInitializeReply)); rep.type = X_Reply; rep.sequenceNumber = client->sequence; rep.majorVersion = SYNC_MAJOR_VERSION; diff --git a/Xi/getvers.c b/Xi/getvers.c index f8fd56e6d..b4bc468ea 100644 --- a/Xi/getvers.c +++ b/Xi/getvers.c @@ -116,6 +116,7 @@ ProcXGetExtensionVersion(ClientPtr client) pXIClient->minor_version = stuff->minorVersion; } /* else version unknown, leave it at 0.0 */ + memset(&rep, 0, sizeof(xGetExtensionVersionReply)); rep.repType = X_Reply; rep.RepType = X_GetExtensionVersion; rep.length = 0; diff --git a/Xi/listdev.c b/Xi/listdev.c index 9a5a189de..48c1e059b 100644 --- a/Xi/listdev.c +++ b/Xi/listdev.c @@ -338,6 +338,7 @@ ProcXListInputDevices(ClientPtr client) REQUEST_SIZE_MATCH(xListInputDevicesReq); + memset(&rep, 0, sizeof(xListInputDevicesReply)); rep.repType = X_Reply; rep.RepType = X_ListInputDevices; rep.length = 0; @@ -379,7 +380,7 @@ ProcXListInputDevices(ClientPtr client) } total_length = numdevs * sizeof(xDeviceInfo) + size + namesize; - devbuf = (char *)xalloc(total_length); + devbuf = (char *)xcalloc(1, total_length); classbuf = devbuf + (numdevs * sizeof(xDeviceInfo)); namebuf = classbuf + size; savbuf = devbuf; diff --git a/Xi/opendev.c b/Xi/opendev.c index 41edb0f90..502bdfc2a 100644 --- a/Xi/opendev.c +++ b/Xi/opendev.c @@ -126,6 +126,7 @@ ProcXOpenDevice(ClientPtr client) if (status != Success) return status; + memset(&rep, 0, sizeof(xOpenDeviceReply)); rep.repType = X_Reply; rep.RepType = X_OpenDevice; rep.sequenceNumber = client->sequence; diff --git a/dix/devices.c b/dix/devices.c index 934e6952f..51d709145 100644 --- a/dix/devices.c +++ b/dix/devices.c @@ -1466,6 +1466,7 @@ ProcGetModifierMapping(ClientPtr client) if (ret != Success) return ret; + memset(&rep, 0, sizeof(xGetModifierMappingReply)); rep.type = X_Reply; rep.numKeyPerModifier = max_keys_per_mod; rep.sequenceNumber = client->sequence; @@ -1621,6 +1622,7 @@ ProcGetKeyboardMapping(ClientPtr client) if (!syms) return BadAlloc; + memset(&rep, 0, sizeof(xGetKeyboardMappingReply)); rep.type = X_Reply; rep.sequenceNumber = client->sequence; rep.keySymsPerKeyCode = syms->mapWidth; diff --git a/dix/dispatch.c b/dix/dispatch.c index 817aa17e7..a92804841 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -548,6 +548,7 @@ ProcGetWindowAttributes(ClientPtr client) rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess); if (rc != Success) return rc; + memset(&wa, 0, sizeof(xGetWindowAttributesReply)); GetWindowAttributes(pWin, client, &wa); WriteReplyToClient(client, sizeof(xGetWindowAttributesReply), &wa); return(client->noClientException); @@ -809,6 +810,7 @@ ProcGetGeometry(ClientPtr client) xGetGeometryReply rep; int status; + memset(&rep, 0, sizeof(xGetGeometryReply)); if ((status = GetGeometry(client, &rep)) != Success) return status; @@ -830,6 +832,7 @@ ProcQueryTree(ClientPtr client) rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess); if (rc != Success) return rc; + memset(&reply, 0, sizeof(xQueryTreeReply)); reply.type = X_Reply; reply.root = WindowTable[pWin->drawable.pScreen->myNum]->drawable.id; reply.sequenceNumber = client->sequence; @@ -883,6 +886,7 @@ ProcInternAtom(ClientPtr client) if (atom != BAD_RESOURCE) { xInternAtomReply reply; + memset(&reply, 0, sizeof(xInternAtomReply)); reply.type = X_Reply; reply.length = 0; reply.sequenceNumber = client->sequence; @@ -906,6 +910,7 @@ ProcGetAtomName(ClientPtr client) if ( (str = NameForAtom(stuff->id)) ) { len = strlen(str); + memset(&reply, 0, sizeof(xGetAtomNameReply)); reply.type = X_Reply; reply.length = (len + 3) >> 2; reply.sequenceNumber = client->sequence; @@ -1002,6 +1007,7 @@ ProcTranslateCoords(ClientPtr client) rc = dixLookupWindow(&pDst, stuff->dstWid, client, DixGetAttrAccess); if (rc != Success) return rc; + memset(&rep, 0, sizeof(xTranslateCoordsReply)); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; @@ -1138,7 +1144,7 @@ ProcQueryFont(ClientPtr client) rlength = sizeof(xQueryFontReply) + FONTINFONPROPS(FONTCHARSET(pFont)) * sizeof(xFontProp) + nprotoxcistructs * sizeof(xCharInfo); - reply = xalloc(rlength); + reply = xcalloc(1, rlength); if(!reply) { return(BadAlloc); @@ -1915,6 +1921,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable, if (rc != Success) return rc; + memset(&xgi, 0, sizeof(xGetImageReply)); if(pDraw->type == DRAWABLE_WINDOW) { if( /* check for being viewable */ @@ -1966,7 +1973,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable, xgi.length = length; if (im_return) { - pBuf = xalloc(sz_xGetImageReply + length); + pBuf = xcalloc(1, sz_xGetImageReply + length); if (!pBuf) return (BadAlloc); if (widthBytesLine == 0) @@ -2004,7 +2011,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable, length += widthBytesLine; } } - if(!(pBuf = xalloc(length))) + if(!(pBuf = xcalloc(1, length))) return (BadAlloc); WriteReplyToClient(client, sizeof (xGetImageReply), &xgi); } @@ -2742,7 +2749,7 @@ ProcQueryColors(ClientPtr client) xQueryColorsReply qcr; count = ((client->req_len << 2) - sizeof(xQueryColorsReq)) >> 2; - prgbs = xalloc(count * sizeof(xrgb)); + prgbs = xcalloc(1, count * sizeof(xrgb)); if(!prgbs && count) return(BadAlloc); if( (rc = QueryColors(pcmp, count, (Pixel *)&stuff[1], prgbs)) ) @@ -2756,6 +2763,7 @@ ProcQueryColors(ClientPtr client) return rc; } } + memset(&qcr, 0, sizeof(xQueryColorsReply)); qcr.type = X_Reply; qcr.length = (count * sizeof(xrgb)) >> 2; qcr.sequenceNumber = client->sequence; @@ -2983,6 +2991,7 @@ ProcQueryBestSize (ClientPtr client) return rc; (* pScreen->QueryBestSize)(stuff->class, &stuff->width, &stuff->height, pScreen); + memset(&reply, 0, sizeof(xQueryBestSizeReply)); reply.type = X_Reply; reply.length = 0; reply.sequenceNumber = client->sequence; @@ -3696,6 +3705,7 @@ SendErrorToClient(ClientPtr client, unsigned majorCode, unsigned minorCode, { xError rep; + memset(&rep, 0, sizeof(xError)); rep.type = X_Error; rep.sequenceNumber = client->sequence; rep.errorCode = errorCode; diff --git a/dix/dixfonts.c b/dix/dixfonts.c index 7d807811c..c7fa83995 100644 --- a/dix/dixfonts.c +++ b/dix/dixfonts.c @@ -789,6 +789,7 @@ finish: for (i = 0; i < nnames; i++) stringLens += (names->length[i] <= 255) ? names->length[i] : 0; + memset(&reply, 0, sizeof(xListFontsReply)); reply.type = X_Reply; reply.length = (stringLens + nnames + 3) >> 2; reply.nFonts = nnames; @@ -1044,6 +1045,7 @@ doListFontsWithInfo(ClientPtr client, LFWIclosurePtr c) err = AllocError; break; } + memset(reply + c->length, 0, length - c->length); c->reply = reply; c->length = length; } diff --git a/dix/events.c b/dix/events.c index 4b367f736..10fa40d19 100644 --- a/dix/events.c +++ b/dix/events.c @@ -2300,6 +2300,7 @@ DeliverDeviceEvents(WindowPtr pWin, xEvent *xE, GrabPtr grab, { /* no XI event delivered. Try core event */ + memset(&core, 0, sizeof(xEvent)); core = *xE; core.u.u.type = XItoCoreType(xE->u.u.type); @@ -3393,6 +3394,7 @@ DeliverFocusedEvent(DeviceIntPtr keybd, xEvent *xE, WindowPtr window, int count) if (sendCore) { + memset(&core, 0, sizeof(xEvent)); core = *xE; core.u.u.type = XItoCoreType(xE->u.u.type); } @@ -3491,6 +3493,7 @@ DeliverGrabbedEvent(xEvent *xE, DeviceIntPtr thisDev, /* try core event */ if (sendCore && grab->coreGrab) { + memset(&core, 0, sizeof(xEvent)); core = *xE; core.u.u.type = XItoCoreType(xE->u.u.type); if(core.u.u.type) { @@ -3869,6 +3872,7 @@ CoreEnterLeaveEvent( mask = pWin->eventMask | wOtherEventMasks(pWin); } + memset(&event, 0, sizeof(xEvent)); event.u.u.type = type; event.u.u.detail = detail; event.u.enterLeave.time = currentTime.milliseconds; @@ -3949,6 +3953,7 @@ DeviceEnterLeaveEvent( /* we don't have enough bytes, so we squash flags and mode into one byte, and use the last byte for the deviceid. */ + memset(&event, 0, sizeof(xEvent)); devEnterLeave = (deviceEnterNotify*)&event; devEnterLeave->type = type; devEnterLeave->detail = detail; @@ -3990,6 +3995,7 @@ CoreFocusEvent(DeviceIntPtr dev, int type, int mode, int detail, WindowPtr pWin) { xEvent event; + memset(&event, 0, sizeof(xEvent)); event.u.focus.mode = mode; event.u.u.type = type; event.u.u.detail = detail; @@ -4153,6 +4159,7 @@ ProcGetInputFocus(ClientPtr client) if (rc != Success) return rc; + memset(&rep, 0, sizeof(xGetInputFocusReply)); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; @@ -4243,6 +4250,7 @@ ProcGrabPointer(ClientPtr client) /* at this point, some sort of reply is guaranteed. */ time = ClientTimeToServerTime(stuff->time); + memset(&rep, 0, sizeof(xGrabPointerReply)); rep.type = X_Reply; rep.sequenceNumber = client->sequence; rep.length = 0; @@ -4490,6 +4498,7 @@ ProcGrabKeyboard(ClientPtr client) REQUEST_SIZE_MATCH(xGrabKeyboardReq); + memset(&rep, 0, sizeof(xGrabKeyboardReply)); result = GrabDevice(client, keyboard, stuff->keyboardMode, stuff->pointerMode, stuff->grabWindow, stuff->ownerEvents, stuff->time, @@ -4557,6 +4566,7 @@ ProcQueryPointer(ClientPtr client) pSprite = mouse->spriteInfo->sprite; if (mouse->valuator->motionHintWindow) MaybeStopHint(mouse, client); + memset(&rep, 0, sizeof(xQueryPointerReply)); rep.type = X_Reply; rep.sequenceNumber = client->sequence; rep.mask = mouse->button->state; diff --git a/dix/extension.c b/dix/extension.c index 330fd28b7..c768ccb84 100644 --- a/dix/extension.c +++ b/dix/extension.c @@ -267,7 +267,8 @@ ProcQueryExtension(ClientPtr client) REQUEST(xQueryExtensionReq); REQUEST_FIXED_SIZE(xQueryExtensionReq, stuff->nbytes); - + + memset(&reply, 0, sizeof(xQueryExtensionReply)); reply.type = X_Reply; reply.length = 0; reply.major_opcode = 0; @@ -301,6 +302,7 @@ ProcListExtensions(ClientPtr client) REQUEST_SIZE_MATCH(xReq); + memset(&reply, 0, sizeof(xListExtensionsReply)); reply.type = X_Reply; reply.nExtensions = 0; reply.length = 0; diff --git a/dix/main.c b/dix/main.c index 1c66c8622..6a45332c3 100644 --- a/dix/main.c +++ b/dix/main.c @@ -489,8 +489,9 @@ CreateConnectionBlock(void) sizesofar = 0; char *pBuf; - - /* Leave off the ridBase and ridMask, these must be sent with + + memset(&setup, 0, sizeof(xConnSetup)); + /* Leave off the ridBase and ridMask, these must be sent with connection */ setup.release = VendorRelease; @@ -529,7 +530,8 @@ CreateConnectionBlock(void) sizesofar += i; while (--i >= 0) *pBuf++ = 0; - + + memset(&format, 0, sizeof(xPixmapFormat)); for (i=0; idrawable.id; event.u.property.state = state; @@ -479,6 +480,7 @@ ProcGetProperty(ClientPtr client) return(BadAtom); } + memset(&reply, 0, sizeof(xGetPropertyReply)); reply.type = X_Reply; reply.sequenceNumber = client->sequence; diff --git a/dix/selection.c b/dix/selection.c index 1fd0d21bc..d72f381ca 100644 --- a/dix/selection.c +++ b/dix/selection.c @@ -243,6 +243,7 @@ ProcGetSelectionOwner(ClientPtr client) return BadAtom; } + memset(&reply, 0, sizeof(xGetSelectionOwnerReply)); reply.type = X_Reply; reply.length = 0; reply.sequenceNumber = client->sequence; @@ -284,6 +285,7 @@ ProcConvertSelection(ClientPtr client) rc = dixLookupSelection(&pSel, stuff->selection, client, DixReadAccess); + memset(&event, 0, sizeof(xEvent)); if (rc != Success && rc != BadMatch) return rc; else if (rc == Success && pSel->window != None) { diff --git a/dix/window.c b/dix/window.c index d4c587e3c..2a5da53ea 100644 --- a/dix/window.c +++ b/dix/window.c @@ -774,6 +774,7 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w, if (SubSend(pParent)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = CreateNotify; event.u.createNotify.window = wid; event.u.createNotify.parent = pParent->drawable.id; @@ -889,9 +890,10 @@ CrushTree(WindowPtr pWin) pParent = pChild->parent; if (SubStrSend(pChild, pParent)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = DestroyNotify; event.u.destroyNotify.window = pChild->drawable.id; - DeliverEvents(pChild, &event, 1, NullWindow); + DeliverEvents(pChild, &event, 1, NullWindow); } FreeResource(pChild->drawable.id, RT_WINDOW); pSib = pChild->nextSib; @@ -935,9 +937,10 @@ DeleteWindow(pointer value, XID wid) pParent = pWin->parent; if (wid && pParent && SubStrSend(pWin, pParent)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = DestroyNotify; event.u.destroyNotify.window = pWin->drawable.id; - DeliverEvents(pWin, &event, 1, NullWindow); + DeliverEvents(pWin, &event, 1, NullWindow); } FreeWindowResources(pWin); @@ -2244,6 +2247,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client) (RedirectSend(pParent) )) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = ConfigureRequest; event.u.configureRequest.window = pWin->drawable.id; if (mask & CWSibling) @@ -2278,6 +2282,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client) if (size_change && ((pWin->eventMask|wOtherEventMasks(pWin)) & ResizeRedirectMask)) { xEvent eventT; + memset(&eventT, 0, sizeof(xEvent)); eventT.u.u.type = ResizeRequest; eventT.u.resizeRequest.window = pWin->drawable.id; eventT.u.resizeRequest.width = w; @@ -2324,6 +2329,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client) ActuallyDoSomething: if (SubStrSend(pWin, pParent)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = ConfigureNotify; event.u.configureNotify.window = pWin->drawable.id; if (pSib) @@ -2480,6 +2486,7 @@ ReparentWindow(WindowPtr pWin, WindowPtr pParent, if (WasMapped) UnmapWindow(pWin, FALSE); + memset(&event, 0, sizeof(xEvent)); event.u.u.type = ReparentNotify; event.u.reparent.window = pWin->drawable.id; event.u.reparent.parent = pParent->drawable.id; @@ -2640,6 +2647,7 @@ MapWindow(WindowPtr pWin, ClientPtr client) (RedirectSend(pParent) )) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = MapRequest; event.u.mapRequest.window = pWin->drawable.id; event.u.mapRequest.parent = pParent->drawable.id; @@ -2652,6 +2660,7 @@ MapWindow(WindowPtr pWin, ClientPtr client) pWin->mapped = TRUE; if (SubStrSend(pWin, pParent) && MapUnmapEventsEnabled(pWin)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = MapNotify; event.u.mapNotify.window = pWin->drawable.id; event.u.mapNotify.override = pWin->overrideRedirect; @@ -2726,6 +2735,7 @@ MapSubwindows(WindowPtr pParent, ClientPtr client) { if (parentRedirect && !pWin->overrideRedirect) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = MapRequest; event.u.mapRequest.window = pWin->drawable.id; event.u.mapRequest.parent = pParent->drawable.id; @@ -2738,6 +2748,7 @@ MapSubwindows(WindowPtr pParent, ClientPtr client) pWin->mapped = TRUE; if (parentNotify || StrSend(pWin)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = MapNotify; event.u.mapNotify.window = pWin->drawable.id; event.u.mapNotify.override = pWin->overrideRedirect; @@ -2850,6 +2861,7 @@ UnmapWindow(WindowPtr pWin, Bool fromConfigure) return(Success); if (SubStrSend(pWin, pParent) && MapUnmapEventsEnabled(pWin)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = UnmapNotify; event.u.unmapNotify.window = pWin->drawable.id; event.u.unmapNotify.fromConfigure = fromConfigure; @@ -3113,6 +3125,7 @@ SendVisibilityNotify(WindowPtr pWin) } #endif + memset(&event, 0, sizeof(xEvent)); event.u.u.type = VisibilityNotify; event.u.visibility.window = pWin->drawable.id; event.u.visibility.state = visibility; diff --git a/mi/miexpose.c b/mi/miexpose.c index 082f90677..5746a5fca 100644 --- a/mi/miexpose.c +++ b/mi/miexpose.c @@ -381,6 +381,7 @@ miSendGraphicsExpose (ClientPtr client, RegionPtr pRgn, XID drawable, else { xEvent event; + memset(&event, 0, sizeof(xEvent)); event.u.u.type = NoExpose; event.u.noExposure.drawable = drawable; event.u.noExposure.majorEvent = major; @@ -401,7 +402,7 @@ miSendExposures( WindowPtr pWin, RegionPtr pRgn, int dx, int dy) pBox = REGION_RECTS(pRgn); numRects = REGION_NUM_RECTS(pRgn); - if(!(pEvent = xalloc(numRects * sizeof(xEvent)))) + if(!(pEvent = xcalloc(1, numRects * sizeof(xEvent)))) return; for (i=numRects, pe = pEvent; --i >= 0; pe++, pBox++) diff --git a/randr/rrxinerama.c b/randr/rrxinerama.c index 36135c6c1..d81a857e1 100644 --- a/randr/rrxinerama.c +++ b/randr/rrxinerama.c @@ -245,7 +245,8 @@ ProcRRXineramaIsActive(ClientPtr client) xXineramaIsActiveReply rep; REQUEST_SIZE_MATCH(xXineramaIsActiveReq); - + + memset(&rep, 0, sizeof(xXineramaIsActiveReply)); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; diff --git a/render/render.c b/render/render.c index 658b17081..abd0a68fa 100644 --- a/render/render.c +++ b/render/render.c @@ -266,6 +266,7 @@ ProcRenderQueryVersion (ClientPtr client) pRenderClient->minor_version = stuff->minorVersion; REQUEST_SIZE_MATCH(xRenderQueryVersionReq); + memset(&rep, 0, sizeof(xRenderQueryVersionReply)); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; @@ -363,7 +364,7 @@ ProcRenderQueryPictFormats (ClientPtr client) ndepth * sizeof (xPictDepth) + nvisual * sizeof (xPictVisual) + numSubpixel * sizeof (CARD32)); - reply = (xRenderQueryPictFormatsReply *) xalloc (rlength); + reply = (xRenderQueryPictFormatsReply *) xcalloc (1, rlength); if (!reply) return BadAlloc; reply->type = X_Reply; diff --git a/xfixes/select.c b/xfixes/select.c index 12a165fd0..795b8bd4c 100644 --- a/xfixes/select.c +++ b/xfixes/select.c @@ -83,6 +83,7 @@ XFixesSelectionCallback (CallbackListPtr *callbacks, pointer data, pointer args) { xXFixesSelectionNotifyEvent ev; + memset(&ev, 0, sizeof(xXFixesSelectionNotifyEvent)); ev.type = XFixesEventBase + XFixesSelectionNotify; ev.subtype = subtype; ev.sequenceNumber = e->pClient->sequence; diff --git a/xfixes/xfixes.c b/xfixes/xfixes.c index d1225c6f3..3b8ed5a13 100644 --- a/xfixes/xfixes.c +++ b/xfixes/xfixes.c @@ -69,6 +69,7 @@ ProcXFixesQueryVersion(ClientPtr client) REQUEST(xXFixesQueryVersionReq); REQUEST_SIZE_MATCH(xXFixesQueryVersionReq); + memset(&rep, 0, sizeof(xXFixesQueryVersionReply)); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; diff --git a/xkb/xkb.c b/xkb/xkb.c index 30d58bf17..7e756d1ee 100644 --- a/xkb/xkb.c +++ b/xkb/xkb.c @@ -179,6 +179,7 @@ ProcXkbUseExtension(ClientPtr client) stuff->wantedMajor,stuff->wantedMinor, XkbMajorVersion,XkbMinorVersion); } + memset(&rep, 0, sizeof(xkbUseExtensionReply)); rep.type = X_Reply; rep.supported = supported; rep.length = 0; @@ -1363,7 +1364,7 @@ unsigned i,len; char *desc,*start; len= (rep->length*4)-(SIZEOF(xkbGetMapReply)-SIZEOF(xGenericReply)); - start= desc= (char *)xalloc(len); + start= desc= (char *)xcalloc(1, len); if (!start) return BadAlloc; if ( rep->nTypes>0 ) @@ -3773,6 +3774,7 @@ ProcXkbGetNames(ClientPtr client) CHK_MASK_LEGAL(0x01,stuff->which,XkbAllNamesMask); xkb = dev->key->xkbInfo->desc; + memset(&rep, 0, sizeof(xkbGetNamesReply)); rep.type= X_Reply; rep.sequenceNumber= client->sequence; rep.length = 0; @@ -5353,6 +5355,7 @@ ProcXkbPerClientFlags(ClientPtr client) CHK_MASK_MATCH(0x02,stuff->change,stuff->value); interest = XkbFindClientResource((DevicePtr)dev,client); + memset(&rep, 0, sizeof(xkbPerClientFlagsReply)); rep.type= X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c index 6c2d32d75..a2b99a269 100644 --- a/xkb/xkbEvents.c +++ b/xkb/xkbEvents.c @@ -838,6 +838,7 @@ XkbSrvLedInfoPtr sli; } if (pChanges->map.changed) { xkbMapNotify mn; + memset(&mn, 0, sizeof(xkbMapNotify)); mn.changed= pChanges->map.changed; mn.firstType= pChanges->map.first_type; mn.nTypes= pChanges->map.num_types; @@ -859,6 +860,7 @@ XkbSrvLedInfoPtr sli; if ((pChanges->ctrls.changed_ctrls)|| (pChanges->ctrls.enabled_ctrls_changes)) { xkbControlsNotify cn; + memset(&cn, 0, sizeof(xkbControlsNotify)); cn.changedControls= pChanges->ctrls.changed_ctrls; cn.enabledControlChanges= pChanges->ctrls.enabled_ctrls_changes; cn.keycode= cause->kc; @@ -871,6 +873,7 @@ XkbSrvLedInfoPtr sli; xkbIndicatorNotify in; if (sli==NULL) sli= XkbFindSrvLedInfo(kbd,XkbDfltXIClass,XkbDfltXIId,0); + memset(&in, 0, sizeof(xkbIndicatorNotify)); in.state= sli->effectiveState; in.changed= pChanges->indicators.map_changes; XkbSendIndicatorNotify(kbd,XkbIndicatorMapNotify,&in); @@ -879,12 +882,14 @@ XkbSrvLedInfoPtr sli; xkbIndicatorNotify in; if (sli==NULL) sli= XkbFindSrvLedInfo(kbd,XkbDfltXIClass,XkbDfltXIId,0); + memset(&in, 0, sizeof(xkbIndicatorNotify)); in.state= sli->effectiveState; in.changed= pChanges->indicators.state_changes; XkbSendIndicatorNotify(kbd,XkbIndicatorStateNotify,&in); } if (pChanges->names.changed) { xkbNamesNotify nn; + memset(&nn, 0, sizeof(xkbNamesNotify)); nn.changed= pChanges->names.changed; nn.firstType= pChanges->names.first_type; nn.nTypes= pChanges->names.num_types; @@ -897,6 +902,7 @@ XkbSrvLedInfoPtr sli; } if ((pChanges->compat.changed_groups)||(pChanges->compat.num_si>0)) { xkbCompatMapNotify cmn; + memset(&cmn, 0, sizeof(xkbCompatMapNotify)); cmn.changedGroups= pChanges->compat.changed_groups; cmn.firstSI= pChanges->compat.first_si; cmn.nSI= pChanges->compat.num_si; diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c index 98f9fc503..aa63b35ab 100644 --- a/xkb/xkbUtils.c +++ b/xkb/xkbUtils.c @@ -2097,6 +2097,7 @@ XkbCopyDeviceKeymap(DeviceIntPtr dst, DeviceIntPtr src) if (!dst->key || !src->key) return FALSE; + memset(&nkn, 0, sizeof(xkbNewKeyboardNotify)); nkn.oldMinKeyCode = dst->key->xkbInfo->desc->min_key_code; nkn.oldMaxKeyCode = dst->key->xkbInfo->desc->max_key_code; nkn.deviceID = dst->id; -- cgit v1.2.3