Unlikely to practically happen, but still safer to just check for sure.
A simple zero-value test doesn't cost us much (on modern CPUs perhaps
not even a full clock cycle).
| ../composite/compalloc.c: In function ‘compRedirectWindow’:
| ../composite/compalloc.c:167:35: warning: dereference of NULL ‘pClient’ [CWE-476] [-Wanalyzer-null-dereference]
| 167 | ccw->id = FakeClientID(pClient->index);
| | ~~~~~~~^~~~~~~
| ../composite/compalloc.c: In function ‘compUnredirectWindow’:
| ../composite/compalloc.c:331:75: warning: dereference of NULL ‘pClient’ [CWE-476] [-Wanalyzer-null-dereference]
| 331 | if (ccw->update == update && dixClientIdForXID(ccw->id) == pClient->index) {
| | ~~~~~~~^~~~~~~
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Since GetPictureScreenIfSet() explicitly can return NULL, better be
prepared for that to happen (instead of hard crash)
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Even if those situations shouldn't practically happen, it's better to have
some sanity checks just in case.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Even though it shouldn't practically happen, better adding a trivial check,
just in case. The check is really cheap and possibly optimized-out.
| ../render/filter.c: In function ‘SetPicturePictFilter’:
| ../render/filter.c:388:36: warning: dereference of possibly-NULL ‘new_params’ [CWE-690] [-Wanalyzer-possible-null-dereference]
| 388 | pPicture->filter_params[i] = params[i];
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Even though it practically should never happen, but just in case, and
for silencing the analyzer, add an extra check here (which doesn't
cost us much).
| ../render/picture.c: In function ‘cpAlphaMap’:
| ../render/picture.c:1002:30: warning: dereference of NULL ‘screen’ [CWE-476] [-Wanalyzer-null-dereference]
| 1002 | id = res->info[screen->myNum].id;
| | ~~~~~~^~~~~~~
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Even though it's probably never happening, but still better to protect from it,
just in case. The extra cost of it hard to measure on today's machines.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Reduce the analyzer spam a bit by adding some extra asserts.
Since it's test code, we can't have enough of them anyways ;-)
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Even though the situation probably never happens, but better being extra
cautious, just in case.
| ../record/set.c: In function ‘IntervalListCreateSet’:
| ../record/set.c:364:5: warning: use of NULL ‘stackIntervals’ where non-null expected [CWE-476] [-Wanalyzer-null-argument]
| 364 | memcpy(&prls[1], stackIntervals, nIntervals * sizeof(RecordSetInterval));
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Adding a little bit more logging to the startup process, eg. telling
when outputs or inputs have been initialized. Serving as a little aid for
debugging driver problems.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Even though it might never be actually hit, it's better to have an
(really cheap) extra check, just in case.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Even though it probably won't be hit ever, it's still better to be
really sure instead of some remote chance for hard segfault.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
As safety precaution, clear the pointers to extion records that just
have been free()ed.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
The checking / branchin isn't entirely trivial to understand, and the
analyzer also gets confused. So rewrite it in an simpler way that's
easier to understand both the human reader as well as the analyzer.
(and so get rid of yet another false alarm)
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
For type-safety turn xfreeData() macro into an inline function.
Also adding some checks against accidentially free()'ing global data.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
The analyzer giving a false alarm on potential NULL-pointer deref here.
Even though that case can't happen, it's also not immediately clear
to the human reader.
To make both the analyzer as well human reader happier, reformulating
this function to by using fast-return pattern.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
There might be a chance that RegionUninit() is trying to free() some
struct that's actually coming from .data segment.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
The analyzer is wrong here, because the free'd closure pointer really points
to some calloc()'d chunk, instead of the PolyText()'s stack frame.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
It's safer not relying on all ScreenProc's actually filled.
../dix/events.c: In function ‘CheckPhysLimits’:
../dix/events.c:780:14: warning: dereference of NULL ‘pScreen’ [CWE-476] [-Wanalyzer-null-dereference]
780 | (*pScreen->SetCursorPosition)
| ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
The pointer to the window properties is currently inside the WindowOptional
structure, which may or may not exist at any given time. Thus, before accessing
those fields, at least need to check whether it exists, potentially need to
create it first.
Since a pointer is small (in relation to WindowRec) and windows having properties
is a pretty common, we can make our life much simpler here by moving the pointer
directly into WindowRec, so we don't need extra WindowOptionalRec allocation.
This also fixes an analyzer warning on potential NULL dereference issue:
| ../dix/property.c: In function ‘dixChangeWindowProperty’:
|../dix/property.c:343:37: warning: dereference of NULL ‘*pWin.optional’ [CWE-476] [-Wanalyzer-null-dereference]
| 343 | pProp->next = pWin->optional->userProps;
| | ~~~~~~~~~~~~~~^~~~~~~~~~~
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
There's a (theoretical) chance that origGC might be NULL, so better
be cautious and check for this - doesn't cost us much, probably just
another JZ instruction.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Be more cautious on possible NULL pointers or not yet registered
devPrivates. Better a gracefully fail instead of hard segfault.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Even though it *should* never be actually hit, it's still safer
to check for NULL instead of letting us crash with segfault.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Even though it's unlikely ever getting it, still safer to have some
extra checks / asserts than unexpected segfault.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Safer (and easier to understand) if we look at the result pointer
instead of the counter for testing whether device wasn't found.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Better try to handle memory allocation gracefully than just hard
crashing by segfault.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Even though chances are really low it's ever getting hit, it's still safer
to have some sanity checks (which don't cost us much) than risking segfault.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
There's (remote) chance that the (internal) module name could become
NULL (eg. allocation failure). Even though chances to hit it are very
low, it's still better to have a check here (that doesn't cost us much),
just in case. Assert fail is still better than segfault, since we're
at least getting some hint what might have happened.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Adding paranoid extra checks against allocation failure and NULL pointers.
Even though might not be actually hit in practise, it's still better to
be cautious, just in case. And reducing analyzer noise this way.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
The analyzer warnings (possible NULL dereference) are probably just
false alarms. But for safety adding assert()'s, which don't cost us
anything in non-debug builds.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
| ../glx/glxcmds.c: In function ‘xorgGlxMakeCurrent’:
| ../glx/glxcmds.c:621:24: warning: use of uninitialized value ‘status’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
| 621 | return status;
| | ^~~~~~
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
If this ever happens, we clearly have a bug, so print out proper warning,
instead of silently crashing the Xserver.
| ../glx/glxcmds.c: In function ‘validGlxFBConfigForWindow’:
| ../glx/glxcmds.c:127:16: warning: dereference of NULL ‘pVisual’ [CWE-476] [-Wanalyzer-null-dereference]
| 127 | if (pVisual->class != glxConvertToXVisualType(config->visualType) ||
| | ~~~~~~~^~~~~~~
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
| ../glx/glxdricommon.c: In function ‘createModeFromConfig’:
| ../glx/glxdricommon.c:142:23: warning: dereference of possibly-NULL ‘config’ [CWE-690] [-Wanalyzer-possible-null-dereference]
| 142 | config->driConfig = driConfig;
Consumers can already handle returning NULL, so this seems the best compromise.
It will look like we don't have any modes at all. Certainly not nice, but at
least better than completely crashing the Xserver.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Enrico Weigelt, metux IT consult