From 6c06c268adbab63ebe7490489aa030724cbdc54b Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Sun, 18 Aug 2013 18:02:49 -0700
Subject: [PATCH] Skip damage calls if DamageCreate fails in exa functions Fixes parfait errors such as: Null pointer dereference (CWE 476): Write to null pointer pDamage at line 1833 of miext/damage/damage.c in function 'DamageRegister'. Function DamageCreate may return constant 'NULL' at line 1775, called at line 232 of exa/exa_migration_mixed.c in function 'exaPrepareAccessReg_mixed'. Constant 'NULL' passed into function DamageRegister, argument pDamage, from call at line 237. Null pointer introduced at line 1775 of miext/damage/damage.c in function 'DamageCreate'. Null pointer dereference (CWE 476): Write to null pointer pDamage at line 1833 of miext/damage/damage.c in function 'DamageRegister'. Function DamageCreate may return constant 'NULL' at line 1775, called at line 104 of exa/exa_mixed.c in function 'exaCreatePixmap_mixed'. Constant 'NULL' passed into function DamageRegister, argument pDamage, from call at line 109. Null pointer introduced at line 1775 of miext/damage/damage.c in function 'DamageCreate'. Checks are similar to handling results of other calls to DamageCreate. [ This bug was found by the Parfait 1.3.0 bug checking tool. http://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13 ]
Signed-off-by: Alan Coopersmith
---
 exa/exa_migration_mixed.c | 11 +++++++----
 exa/exa_mixed.c | 11 +++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/exa/exa_migration_mixed.c b/exa/exa_migration_mixed.c
index 5e0bf152a..cf66327b3 100644
--- a/exa/exa_migration_mixed.c
+++ b/exa/exa_migration_mixed.c
@@ -233,10 +233,13 @@ exaPrepareAccessReg_mixed(PixmapPtr pPixmap, int index, RegionPtr pReg)
 pPixmap->drawable.pScreen, pPixmap);
- DamageRegister(&pPixmap->drawable, pExaPixmap->pDamage);
- /* This ensures that pending damage reflects the current operation. */
- /* This is used by exa to optimize migration. */
- DamageSetReportAfterOp(pExaPixmap->pDamage, TRUE);
+ if (pExaPixmap->pDamage) {
+ DamageRegister(&pPixmap->drawable, pExaPixmap->pDamage);
+ /* This ensures that pending damage reflects the current
+ * operation. This is used by exa to optimize migration.
+ */
+ DamageSetReportAfterOp(pExaPixmap->pDamage, TRUE);
+ }
 if (has_gpu_copy) { exaPixmapDirty(pPixmap, 0, 0, pPixmap->drawable.width,
diff --git a/exa/exa_mixed.c b/exa/exa_mixed.c
index 3e2dcf263..b43dfec42 100644
--- a/exa/exa_mixed.c
+++ b/exa/exa_mixed.c
@@ -106,10 +106,13 @@ exaCreatePixmap_mixed(ScreenPtr pScreen, int w, int h, int depth,
 pPixmap->drawable.pScreen, pPixmap);
- DamageRegister(&pPixmap->drawable, pExaPixmap->pDamage);
- /* This ensures that pending damage reflects the current operation. */
- /* This is used by exa to optimize migration. */
- DamageSetReportAfterOp(pExaPixmap->pDamage, TRUE);
+ if (pExaPixmap->pDamage) {
+ DamageRegister(&pPixmap->drawable, pExaPixmap->pDamage);
+ /* This ensures that pending damage reflects the current
+ * operation. This is used by exa to optimize migration.
+ */
+ DamageSetReportAfterOp(pExaPixmap->pDamage, TRUE);
+ }
 } }
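Review bot: The new `if (pExaPixmap->pDamage)` guard in exaPrepareAccessReg_mixed stops the NULL write in DamageRegister, but a failed DamageCreate is now silent: the field stays NULL, nothing is reported, and the `if (has_gpu_copy)` branch right after it still calls exaPixmapDirty as if tracking had been set up. Whether the rest of the function (it continues outside the hunk) and any other code that reads `pExaPixmap->pDamage` tolerates NULL is not visible here and should be confirmed, since that would be the same CWE 476 class this commit targets. At minimum I would record the intent next to the guard, e.g. `/* DamageCreate failed: continue without damage tracking for this pixmap. */`. The same applies to the identical guard added to exaCreatePixmap_mixed in exa/exa_mixed.c.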