From b28285332e44949509f8cc977b91050a02046919 Mon Sep 17 00:00:00 2001 From: "Enrico Weigelt, metux IT consult" Date: Wed, 7 May 2025 14:58:32 +0200 Subject: [PATCH] xfree86: parser: check for alloc failure and possible NULL pointers Adding paranoid extra checks against allocation failure and NULL pointers. Even though might not be actually hit in practise, it's still better to be cautious, just in case. And reducing analyzer noise this way. Signed-off-by: Enrico Weigelt, metux IT consult --- hw/xfree86/parser/Files.c | 8 ++++++-- hw/xfree86/parser/Flags.c | 5 +++++ hw/xfree86/parser/Layout.c | 6 +++--- hw/xfree86/parser/Module.c | 3 +++ hw/xfree86/parser/OutputClass.c | 5 ++++- hw/xfree86/parser/scan.c | 6 ++++-- 6 files changed, 25 insertions(+), 8 deletions(-) diff --git a/hw/xfree86/parser/Files.c b/hw/xfree86/parser/Files.c index fba99a864..6f88b7bd7 100644 --- a/hw/xfree86/parser/Files.c +++ b/hw/xfree86/parser/Files.c @@ -55,6 +55,8 @@ #include #endif +#include + #include #include "xf86Parser.h" #include "xf86tokens.h" @@ -109,9 +111,9 @@ xf86parseFilesSection(void) } } ptr->file_fontpath = realloc(ptr->file_fontpath, i); + assert(ptr->file_fontpath); if (j) strcat(ptr->file_fontpath, ","); - strcat(ptr->file_fontpath, str); free(xf86_lex_val.str); break; @@ -121,7 +123,8 @@ xf86parseFilesSection(void) l = FALSE; str = xf86_lex_val.str; if (ptr->file_modulepath == NULL) { - ptr->file_modulepath = malloc(1); + ptr->file_modulepath = calloc(1, 1); + assert(ptr->file_modulepath); ptr->file_modulepath[0] = '\0'; k = strlen(str) + 1; } @@ -134,6 +137,7 @@ xf86parseFilesSection(void) } } ptr->file_modulepath = realloc(ptr->file_modulepath, k); + assert(ptr->file_modulepath); if (l) strcat(ptr->file_modulepath, ","); diff --git a/hw/xfree86/parser/Flags.c b/hw/xfree86/parser/Flags.c index 7d35bb7ea..a6b1bddf7 100644 --- a/hw/xfree86/parser/Flags.c +++ b/hw/xfree86/parser/Flags.c @@ -55,6 +55,8 @@ #include #endif +#include + #include "xf86Parser.h" #include "xf86tokens.h" #include "Configint.h" @@ -200,6 +202,7 @@ addNewOption2(XF86OptionPtr head, char *name, char *_val, int used) } else new = calloc(1, sizeof(*new)); + assert(new); new->opt_name = name; new->opt_val = _val; new->opt_used = used; @@ -437,6 +440,7 @@ xf86parseOption(XF86OptionPtr head) name = xf86_lex_val.str; if ((token = xf86getSubToken(&comment)) == STRING) { option = xf86newOption(name, xf86_lex_val.str); + assert(option); option->opt_comment = comment; if ((token = xf86getToken(NULL)) == COMMENT) { option->opt_comment = xf86addComment(option->opt_comment, xf86_lex_val.str); @@ -448,6 +452,7 @@ xf86parseOption(XF86OptionPtr head) } else { option = xf86newOption(name, NULL); + assert(option); option->opt_comment = comment; if (token == COMMENT) { option->opt_comment = xf86addComment(option->opt_comment, xf86_lex_val.str); diff --git a/hw/xfree86/parser/Layout.c b/hw/xfree86/parser/Layout.c index 1c2e8f6e0..2a3b17d98 100644 --- a/hw/xfree86/parser/Layout.c +++ b/hw/xfree86/parser/Layout.c @@ -450,9 +450,9 @@ xf86layoutAddInputDevices(XF86ConfigPtr config, XF86ConfLayoutPtr layout) } if (!iref) { - XF86ConfInputrefPtr iptr; - - iptr = calloc(1, sizeof(XF86ConfInputrefRec)); + XF86ConfInputrefPtr iptr = calloc(1, sizeof(XF86ConfInputrefRec)); + if (!iptr) + return -1; iptr->iref_inputdev_str = input->inp_identifier; layout->lay_input_lst = (XF86ConfInputrefPtr) xf86addListItem((glp) layout->lay_input_lst, (glp) iptr); diff --git a/hw/xfree86/parser/Module.c b/hw/xfree86/parser/Module.c index 9a166aff2..d85e5aaae 100644 --- a/hw/xfree86/parser/Module.c +++ b/hw/xfree86/parser/Module.c @@ -56,6 +56,8 @@ #include #endif +#include + #include "xf86Parser.h" #include "xf86tokens.h" #include "Configint.h" @@ -228,6 +230,7 @@ xf86addNewLoadDirective(XF86LoadPtr head, const char *name, int type, int token; new = calloc(1, sizeof(XF86LoadRec)); + assert(new); new->load_name = name; new->load_type = type; new->load_opt = opts; diff --git a/hw/xfree86/parser/OutputClass.c b/hw/xfree86/parser/OutputClass.c index 4c5340a03..bc37dc8d2 100644 --- a/hw/xfree86/parser/OutputClass.c +++ b/hw/xfree86/parser/OutputClass.c @@ -58,9 +58,12 @@ xf86freeOutputClassList(XF86ConfOutputClassPtr ptr) xorg_list_for_each_entry_safe(group, next, &ptr->match_driver, entry) { xorg_list_del(&group->entry); - for (list = group->values; *list; list++) + for (list = group->values; *list; list++) { free(*list); + *list = NULL; + } free(group); + group = NULL; } xf86optionListFree(ptr->option_lst); diff --git a/hw/xfree86/parser/scan.c b/hw/xfree86/parser/scan.c index 471e3adb3..289d82abd 100644 --- a/hw/xfree86/parser/scan.c +++ b/hw/xfree86/parser/scan.c @@ -569,7 +569,6 @@ static char * DoSubstitution(const char *template, const char *cmdline, const char *projroot, int *cmdlineUsed, int *envUsed, const char *XConfigFile) { - char *result; int i, l; static const char *env = NULL; static char *hostname = NULL; @@ -582,7 +581,10 @@ DoSubstitution(const char *template, const char *cmdline, const char *projroot, if (envUsed) *envUsed = 0; - result = malloc(PATH_MAX + 1); + char *result = calloc(1, PATH_MAX + 1); + if (!result) + return NULL; + l = 0; for (i = 0; template[i]; i++) { if (template[i] != '%') {