From 90cd5c38ee197448dbdd84ca044c04b4fed37714 Mon Sep 17 00:00:00 2001
From: "Enrico Weigelt, metux IT consult" <info@metux.net>
Date: Tue, 13 May 2025 16:46:20 +0200
Subject: [PATCH] randr: skip payload assembly in ProcRRGetScreenInfo() no data
 to send

If there's no data to send, the whole reply payload can be skipped entirely.
This can also ease the whole code flow, and we don't need to rely on the
individual copy loops never trying to dereference a NULL pointer.
(what the analyzer can't proof). Also scoping several some variables that
are only used when there actually is data to send.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
 randr/rrscreen.c | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/randr/rrscreen.c b/randr/rrscreen.c
index 7ca21d410..56e1a4a5f 100644
--- a/randr/rrscreen.c
+++ b/randr/rrscreen.c
@@ -774,8 +774,6 @@ ProcRRGetScreenInfo(ClientPtr client)
     }
     else {
         int i, j;
-        xScreenSizes *size;
-        CARD16 *rates;
         CARD8 *data8;
         Bool has_rate = RRClientKnowsRates(client);
         RR10DataPtr pData;
@@ -803,21 +801,20 @@ ProcRRGetScreenInfo(ClientPtr client)
         if (has_rate)
             extraLen += rep.nrateEnts * sizeof(CARD16);
 
-        if (extraLen) {
-            extra = (CARD8 *) malloc(extraLen);
-            if (!extra) {
-                free(pData);
-                return BadAlloc;
-            }
+        if (!extraLen)
+            goto finish; // no extra payload
+
+        extra = calloc(1, extraLen);
+        if (!extra) {
+            free(pData);
+            return BadAlloc;
         }
-        else
-            extra = NULL;
 
         /*
          * First comes the size information
          */
-        size = (xScreenSizes *) extra;
-        rates = (CARD16 *) (size + rep.nSizes);
+        xScreenSizes *size = (xScreenSizes *) extra;
+        CARD16 *rates = (CARD16 *) (size + rep.nSizes);
         for (i = 0; i < pData->nsize; i++) {
             pSize = &pData->sizes[i];
             size->widthInPixels = pSize->width;
@@ -846,7 +843,6 @@ ProcRRGetScreenInfo(ClientPtr client)
                 }
             }
         }
-        free(pData);
 
         data8 = (CARD8 *) rates;
 
@@ -854,6 +850,9 @@ ProcRRGetScreenInfo(ClientPtr client)
             FatalError("RRGetScreenInfo bad extra len %ld != %ld\n",
                        (unsigned long) (data8 - (CARD8 *) extra), extraLen);
         rep.length = bytes_to_int32(extraLen);
+
+finish:
+        free(pData);
     }
     if (client->swapped) {
         swaps(&rep.sequenceNumber);