From c4642f26325f783ead12895897d34175e218a6a8 Mon Sep 17 00:00:00 2001 From: "Enrico Weigelt, metux IT consult" Date: Tue, 6 May 2025 16:56:51 +0200 Subject: [PATCH] Xext: shape: fix warning on possible NULL dereference MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Try not to rely on deep black magic of calloc(), instead skip the whole part of nrects is zero. | ../Xext/shape.c: In function ‘ProcShapeGetRectangles’: | ../Xext/shape.c:995:24: warning: dereference of possibly-NULL ‘rects’ [CWE-690] [-Wanalyzer-possible-null-dereference] | 995 | rects[i].x = box->x1; | | ~~~~~~~~~~~^~~~~~~~~ Signed-off-by: Enrico Weigelt, metux IT consult --- Xext/shape.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/Xext/shape.c b/Xext/shape.c index 05e071be5..8b8615828 100644 --- a/Xext/shape.c +++ b/Xext/shape.c @@ -938,7 +938,7 @@ ProcShapeGetRectangles(ClientPtr client) REQUEST(xShapeGetRectanglesReq); WindowPtr pWin; xShapeGetRectanglesReply rep; - xRectangle *rects; + xRectangle *rects = NULL; int nrects, i, rc; RegionPtr region; @@ -991,14 +991,16 @@ ProcShapeGetRectangles(ClientPtr client) nrects = RegionNumRects(region); box = RegionRects(region); - rects = xallocarray(nrects, sizeof(xRectangle)); - if (!rects && nrects) - return BadAlloc; - for (i = 0; i < nrects; i++, box++) { - rects[i].x = box->x1; - rects[i].y = box->y1; - rects[i].width = box->x2 - box->x1; - rects[i].height = box->y2 - box->y1; + if (nrects) { + rects = calloc(nrects, sizeof(xRectangle)); + if (!rects) + return BadAlloc; + for (i = 0; i < nrects; i++, box++) { + rects[i].x = box->x1; + rects[i].y = box->y1; + rects[i].width = box->x2 - box->x1; + rects[i].height = box->y2 - box->y1; + } } } rep = (xShapeGetRectanglesReply) {