[at-spi2-core] registryd: Avoid crashing with a NULL keystring

From: Mike Gorse <mgorse src gnome org>
To: commits-list gnome org
Cc:
Subject: [at-spi2-core] registryd: Avoid crashing with a NULL keystring
Date: Mon, 11 Apr 2016 15:51:01 +0000 (UTC)

commit bb8118284fa248b74f59426f73497fc012469198
Author: Rui Matos <tiagomatos gmail com>
Date:   Wed Apr 6 16:40:44 2016 +0200

    registryd: Avoid crashing with a NULL keystring
    
    From a coverity check:
    
    1. at-spi2-core-2.14.1/registryd/deviceeventcontroller-x11.c:1167:
    deref_ptr_in_call: Dereferencing pointer "keystring".
    2. at-spi2-core-2.14.1/registryd/deviceeventcontroller-x11.c:1169:
    check_after_deref: Null-checking "keystring" suggests that it may be
    null, but it has already been dereferenced on all paths leading to the
    check.
    (keystring, -1, &c))) {
    
    https://bugzilla.gnome.org/show_bug.cgi?id=764688

 registryd/deviceeventcontroller-x11.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/registryd/deviceeventcontroller-x11.c b/registryd/deviceeventcontroller-x11.c
index 5c2cf89..f8df6d8 100644
--- a/registryd/deviceeventcontroller-x11.c
+++ b/registryd/deviceeventcontroller-x11.c
@@ -1165,8 +1165,6 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint
        const gchar *c;
        KeySym keysym;
 
-       maxlen = strlen (keystring) + 1;
-       keysyms = g_new0 (KeySym, maxlen);
        if (!(keystring && *keystring && g_utf8_validate (keystring, -1, &c))) { 
                retval = FALSE;
        } 
@@ -1174,6 +1172,9 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint
 #ifdef SPI_DEBUG
                fprintf (stderr, "[keystring synthesis attempted on %s]\n", keystring);
 #endif
+               maxlen = strlen (keystring) + 1;
+               keysyms = g_new0 (KeySym, maxlen);
+
                while (keystring && (unichar = g_utf8_get_char (keystring))) {
                        char bytes[6];
                        gint mbytes;
@@ -1207,8 +1208,9 @@ spi_dec_x11_synth_keystring (SpiDEController *controller, guint synth_type, gint
                        }
                }
                XSynchronize (spi_get_display (), FALSE);
+
+               g_free (keysyms);
        }
-       g_free (keysyms);
 
        if (synth_type == Accessibility_KEY_SYM) {
                keysym = keycode;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]