author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2010-05-07 19:21:42 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2010-05-07 19:21:42 -0700 |
commit | 39993ef6f48cb3f9ee0cb0cd4dcef0d643cda698 (patch) | |
tree | 4ca2b68e5eb99298792db0d2f0e0c3a5113bfd07 | |
parent | ea0e0d0e3d45eb5e71542af835194514a6f8801c (diff) |
Replace comments pointing to non-public X Consortium defect reports
Restored the original comments suggested by Paul Shearer of Sequent in the
patches he submitted with these fixes in the original X Consortium defect
reports from 1995, since modern readers can't refer to the referenced
bug reports in that old/closed bug db.
7328 Xdmcp: memory leak in XdmcpReadARRAYofARRAY8 when read fails
7329 Xdmcp: XdmcpReadARRAY and XdmcpDisposeARRAY routines may free twice
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r-- | Read.c | 54 |
1 files changed, 34 insertions, 20 deletions
@@ -54,11 +54,14 @@ XdmcpReadARRAY8 (XdmcpBufferPtr buffer, ARRAY8Ptr array) { int i; + /* + * When returning FALSE, guarantee that array->data = 0. + * This allows the user to safely call XdmcpDisposeARRAY8(array) + * regardless of the return value below. + * Note that XdmcpDisposeARRAY*(array) will call free(array->data), + * so we must guarantee that array->data is NULL or a malloced pointer. + */ if (!XdmcpReadCARD16 (buffer, &array->length)) { - - /* Must set array->data to NULL to guarantee safe call of - * XdmcpDisposeARRAY*(array) (which calls free(array->data)); - * see defect 7329 */ array->data = NULL; return FALSE; } @@ -88,11 +91,14 @@ XdmcpReadARRAY16 (XdmcpBufferPtr buffer, ARRAY16Ptr array) { int i; + /* + * When returning FALSE, guarantee that array->data = 0. + * This allows the user to safely call XdmcpDisposeARRAY16(array) + * regardless of the return value below. + * Note that XdmcpDisposeARRAY*(array) will call free(array->data), + * so we must guarantee that array->data is NULL or a malloced pointer. + */ if (!XdmcpReadCARD8 (buffer, &array->length)) { - - /* Must set array->data to NULL to guarantee safe call of - * XdmcpDisposeARRAY*(array) (which calls free(array->data)); - * see defect 7329 */ array->data = NULL; return FALSE; } @@ -122,11 +128,14 @@ XdmcpReadARRAY32 (XdmcpBufferPtr buffer, ARRAY32Ptr array) { int i; + /* + * When returning FALSE, guarantee that array->data = 0. + * This allows the user to safely call XdmcpDisposeARRAY32(array) + * regardless of the return value below. + * Note that XdmcpDisposeARRAY*(array) will call free(array->data), + * so we must guarantee that array->data is NULL or a malloced pointer. + */ if (!XdmcpReadCARD8 (buffer, &array->length)) { - - /* Must set array->data to NULL to guarantee safe call of - * XdmcpDisposeARRAY*(array) (which calls free(array->data)); - * see defect 7329 */ array->data = NULL; return FALSE; } 
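Review bot: The new block comment in XdmcpReadARRAY8 promises that `array->data` is safe to free on every FALSE return, but it sits above the length read, and the only failure path visible in this hunk is that first one; the allocation and element-read exits lie outside the hunk, so the promise cannot be checked from here. These readers decode an XDMCP buffer (presumably peer-supplied) and the caller is told it may always call the Dispose routine, so any later exit that leaves a stale or already-freed pointer becomes a double free; I would word this as a function-level contract, e.g. `/* Contract: every FALSE return leaves array->data NULL, so XdmcpDisposeARRAY8(array) is always safe. */`, and confirm each later exit honours it. The comment also writes `array->data = 0` where the code assigns `NULL`; using `NULL` in both keeps the invariant easy to grep for. The same applies to the identical comments added in XdmcpReadARRAY16, XdmcpReadARRAY32 and at the top of XdmcpReadARRAYofARRAY8.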
@@ -156,11 +165,14 @@ XdmcpReadARRAYofARRAY8 (XdmcpBufferPtr buffer, ARRAYofARRAY8Ptr array) { CARD8 i; + /* + * When returning FALSE, guarantee that array->data = 0. + * This allows the user to safely call XdmcpDisposeARRAYofARRAY8(array) + * regardless of the return value below. + * Note that XdmcpDisposeARRAY*(array) will call free(array->data), + * so we must guarantee that array->data is NULL or a malloced pointer. + */ if (!XdmcpReadCARD8 (buffer, &array->length)) { - - /* Must set array->data to NULL to guarantee safe call of - * XdmcpDisposeARRAY*(array) (which calls free(array->data)); - * see defect 7329 */ array->data = NULL; return FALSE; } @@ -176,10 +188,12 @@ XdmcpReadARRAYofARRAY8 (XdmcpBufferPtr buffer, ARRAYofARRAY8Ptr array) { if (!XdmcpReadARRAY8 (buffer, &array->data[i])) { - - /* All arrays allocated thus far in the loop must be freed - * if there is an error in the read. - * See Defect 7328 */ + /* + * We must free all of the arrays allocated thus far in the loop + * and free array->data and finally set array->data = 0; + * The easiest way to do this is to reset the length and call + * XdmcpDisposeARRAYofARRAY8(array). + */ array->length = i; XdmcpDisposeARRAYofARRAY8(array); return FALSE; |
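Review bot: In XdmcpReadARRAYofARRAY8 the first failure path sets `array->data = NULL` but leaves `array->length` holding whatever XdmcpReadCARD8 left there, while the following hunk shows that XdmcpDisposeARRAYofARRAY8 relies on `array->length` to decide how many elements to release. If that Dispose routine walks `length` entries without first checking for a NULL `data` (its body is not on this page), the "safely call ... regardless of the return value" promise in the new comment would not hold for this type. Adding `array->length = 0;` beside `array->data = NULL;` would make the guarantee independent of the Dispose implementation. The function body continues outside the hunk.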
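Review bot: The rewritten comment in the read loop explains the cleanup but not why `array->length = i` excludes the element whose read just failed, which is the detail a maintainer is most likely to get wrong. Going by the contract stated in the XdmcpReadARRAY8 comment, a failed read leaves `array->data[i].data` NULL, so only entries 0..i-1 own memory; entries after `i` were never written (assuming the allocation outside this hunk does not zero them), so passing the full length to Dispose would free uninitialised pointers. I would add a line such as `* Element i needs no cleanup: the failed XdmcpReadARRAY8 left its data NULL; later elements were never initialised.` The comment also has a stray `;` after `array->data = 0` and uses `0` where the code uses `NULL`. The enclosing loop begins above the hunk.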