From d73e6b21e10f2a3d1f6e313b40f66c009c09a79c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 13:05:20 +0100 Subject: [PATCH 01/16] [prevent][42870] Fix for null pointer dereference Change-Id: I74e51363d0e6ec34e9b771f605d283f1311af803 --- test/at_spi2_tool.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/at_spi2_tool.c b/test/at_spi2_tool.c index d7b91d5..63a3adb 100644 --- a/test/at_spi2_tool.c +++ b/test/at_spi2_tool.c @@ -323,10 +323,10 @@ static char *_get_info(AtspiAccessible *node, int length_limit, bool *attributes unique_id, (uintptr_t)eo_ptr, node_role_name, attributes, - box_size->x, - box_size->y, - box_size->width, - box_size->height, + box_size ? box_size->x : "nil", + box_size ? box_size->y : "nil", + box_size ? box_size->width : "nil", + box_size ? box_size->height : "nil", node_name, states, current_node_has_relations ? "*" : ""); -- 2.7.4 From beecc51454d67b6af1388cd855063a8abcc34c11 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 16:30:53 +0100 Subject: [PATCH 02/16] [prevent][32379] Fix for resource leakage Change-Id: I901af1e8739151b1d13b38c7d596678e1a286704 --- registryd/deviceeventcontroller.c | 1 + 1 file changed, 1 insertion(+) diff --git a/registryd/deviceeventcontroller.c b/registryd/deviceeventcontroller.c index 62cd706..0039464 100644 --- a/registryd/deviceeventcontroller.c +++ b/registryd/deviceeventcontroller.c @@ -1371,6 +1371,7 @@ impl_register_keystroke_listener (DBusConnection *bus, Accessibility_KeyDefinition *kd = (Accessibility_KeyDefinition *)g_malloc(sizeof(Accessibility_KeyDefinition)); if (!spi_dbus_message_iter_get_struct(&iter_array, DBUS_TYPE_INT32, &kd->keycode, DBUS_TYPE_INT32, &kd->keysym, DBUS_TYPE_STRING, &keystring, DBUS_TYPE_INVALID)) { + g_free (kd); break; } kd->keystring = g_strdup (keystring); -- 2.7.4 From d202f76f8965ceadd21e4095c87a6d4805c2febc Mon Sep 17 00:00:00 2001 
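Review bot: In PATCH 01 (`_get_info`, test/at_spi2_tool.c) the new arguments such as `box_size ? box_size->x : "nil"` mix what is presumably an integer coordinate with a string literal in one conditional expression, a pointer/integer mismatch the compiler will warn about. The format string is outside the hunk, but whichever conversion it uses for these four slots, one of the two branches passes the wrong type through varargs, so the NULL case trades a null dereference for undefined behaviour in the formatter. Keep both branches the same type, e.g. `box_size ? box_size->x : 0`, or format the rectangle into a string beforehand and print "nil" from that string when `box_size` is NULL.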
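Review bot: In PATCH 02 (`impl_register_keystroke_listener`) and the identical PATCH 03 change in `impl_deregister_keystroke_listener`, `kd` is still allocated with `g_malloc` before the incoming D-Bus struct has been parsed, which is the only reason the failure branch needs its own `g_free`. Reading `keycode`, `keysym` and `keystring` into locals and allocating `kd` only after `spi_dbus_message_iter_get_struct` succeeds would remove that path. The `break` also stops at the first malformed element; whether definitions collected from earlier elements are then released or used is outside the hunk and worth checking, since the array comes from a bus client.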
From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 16:37:03 +0100 Subject: [PATCH 03/16] [prevent][42562] Fix for resource leakage Change-Id: Iabf4421164e91f6bcafe3b3be43932e0cf4de098 --- registryd/deviceeventcontroller.c | 1 + 1 file changed, 1 insertion(+) diff --git a/registryd/deviceeventcontroller.c b/registryd/deviceeventcontroller.c index 0039464..a7d3769 100644 --- a/registryd/deviceeventcontroller.c +++ b/registryd/deviceeventcontroller.c @@ -1582,6 +1582,7 @@ impl_deregister_keystroke_listener (DBusConnection *bus, if (!spi_dbus_message_iter_get_struct(&iter_array, DBUS_TYPE_INT32, &kd->keycode, DBUS_TYPE_INT32, &kd->keysym, DBUS_TYPE_STRING, &keystring, DBUS_TYPE_INVALID)) { + g_free(kd); break; } kd->keystring = g_strdup (keystring); -- 2.7.4 From 13c2ca4b4f9cfbfb7a40bfb37427621d5c5937aa Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 17:45:31 +0100 Subject: [PATCH 04/16] [prevent][42662] Fix for unchecked return value Change-Id: Iee850e8fb485800d5c045fe4c7cd81728defd1d6 --- atspi/atspi-misc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/atspi/atspi-misc.c b/atspi/atspi-misc.c index 5895935..5c0a40d 100644 --- a/atspi/atspi-misc.c +++ b/atspi/atspi-misc.c @@ -999,6 +999,7 @@ check_for_hang (DBusMessage *message, DBusError *error, DBusConnection *bus, con DBusMessage *message; gchar *bus_name_dup; DBusPendingCall *pending = NULL; + dbus_bool_t result; for (l = hung_processes; l; l = l->next) if (!strcmp (l->data, bus_name)) return; 
@@ -1007,9 +1008,9 @@ check_for_hang (DBusMessage *message, DBusError *error, DBusConnection *bus, con "Ping"); if (!message) return; - dbus_connection_send_with_reply (bus, message, &pending, -1); + result = dbus_connection_send_with_reply (bus, message, &pending, -1); dbus_message_unref (message); - if (!pending) + if (!result || !pending) return; bus_name_dup = g_strdup (bus_name); hung_processes = g_slist_append (hung_processes, bus_name_dup); -- 2.7.4 From 20039e5dd5f5a5c2defdfc294ff2e841e5fad93d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 18:08:19 +0100 Subject: [PATCH 05/16] [prevent][43479] Fix for missing va_end in _atspi_dbus_call_partial Change-Id: Ice71e5aaa543ca7908464538f15f3fbd921c464f --- atspi/atspi-misc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/atspi/atspi-misc.c b/atspi/atspi-misc.c index 5c0a40d..65003df 100644 --- a/atspi/atspi-misc.c +++ b/atspi/atspi-misc.c @@ -1107,9 +1107,11 @@ _atspi_dbus_call_partial (gpointer obj, const char *type, ...) { va_list args; - + DBusMessage * result; va_start (args, type); - return _atspi_dbus_call_partial_va (obj, interface, method, error, type, args); + result = _atspi_dbus_call_partial_va (obj, interface, method, error, type, args); + va_end (args); + return result; } -- 2.7.4 From ce84aa421cb6e12272ce6acc753363dc8daf9c45 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Thu, 15 Mar 2018 18:51:27 +0100 Subject: [PATCH 06/16] [prevent][25425] at_spi2_tool: make sure app_name is set in _atspi_tree_traverse "prevent" bug 25425 is a false positive, but it's a good practice to check function arguments before using them Change-Id: I884803613b670d1126120a689bb21ac78e87b8ab --- test/at_spi2_tool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/at_spi2_tool.c b/test/at_spi2_tool.c index 63a3adb..fb9739a 100644 --- a/test/at_spi2_tool.c +++ b/test/at_spi2_tool.c 
@@ -633,7 +633,7 @@ static void _atspi_tree_traverse(const char *app_name, bool dump, bool check, bo if (!dump && !check) printf("%s\n", name); - if ((check || dump) && name && !strcmp(name, app_name)) { + if ((check || dump) && name && app_name && !strcmp(name, app_name)) { app_name_matched = true; _print_module_legend(); -- 2.7.4 From 8b853b5e6a4b0bba2b93ea411d8468b3db83eda5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 17:32:19 +0100 Subject: [PATCH 07/16] [prevent][38655] Fix for unchecked return value Change-Id: I117d7d12d0c2aa9f0ab32c239341ed2d91a5c14a --- atspi/atspi-misc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/atspi/atspi-misc.c b/atspi/atspi-misc.c index 65003df..678b566 100644 --- a/atspi/atspi-misc.c +++ b/atspi/atspi-misc.c @@ -229,6 +229,7 @@ get_application (const char *bus_name) char *bus_name_dup; DBusMessage *message; DBusPendingCall *pending = NULL; + dbus_bool_t result; if (!app_hash) { @@ -249,9 +250,9 @@ get_application (const char *bus_name) message = dbus_message_new_method_call (bus_name, atspi_path_root, atspi_interface_application, "GetApplicationBusAddress"); - dbus_connection_send_with_reply (app->bus, message, &pending, 2000); + result = dbus_connection_send_with_reply (app->bus, message, &pending, 2000); dbus_message_unref (message); - if (!pending) + if (!result || !pending) { g_hash_table_remove (app_hash, bus_name_dup); return NULL; -- 2.7.4 From 379fc7d0aec37c7bc96b9207b480cc7896c85bdd Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 17:19:05 +0100 Subject: [PATCH 08/16] [prevent][35766] Fix for unchecked return value Change-Id: I5138fda2b7128e8f8bf06621fc6ec4086829d5c0 --- atspi/atspi-misc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/atspi/atspi-misc.c b/atspi/atspi-misc.c index 678b566..b36ece0 100644 --- a/atspi/atspi-misc.c +++ b/atspi/atspi-misc.c 
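Review bot: In PATCH 06 (`_atspi_tree_traverse`) the line just above the changed condition, `printf("%s\n", name);`, still passes `name` to `%s` without the NULL test that the condition applies to it. If `name` can be NULL, as the `name &&` guard implies, that call is undefined behaviour; `printf("%s\n", name ? name : "(null)");` would match the guard. The function body continues outside the hunk.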
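Review bot: In PATCH 07 (`get_application`) the result of `dbus_message_new_method_call` is passed straight to `dbus_connection_send_with_reply` and `dbus_message_unref` with no NULL check, although `check_for_hang` in PATCH 04 does test `if (!message)`. That constructor returns NULL when memory runs out, so the new `result` check is reached only after a NULL message has already been handed to libdbus. Add `if (!message) { g_hash_table_remove (app_hash, bus_name_dup); return NULL; }` before the send; the "GetItems" call in the second hunk of PATCH 08 appears to have the same shape.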
@@ -179,6 +179,7 @@ handle_get_bus_address (DBusPendingCall *pending, void *user_data) DBusMessage *message; const char *address; DBusPendingCall *new_pending; + dbus_bool_t result; if (dbus_message_get_type (reply) == DBUS_MESSAGE_TYPE_METHOD_RETURN) { @@ -215,9 +216,9 @@ handle_get_bus_address (DBusPendingCall *pending, void *user_data) "/org/a11y/atspi/cache", atspi_interface_cache, "GetItems"); - dbus_connection_send_with_reply (app->bus, message, &new_pending, 2000); + result = dbus_connection_send_with_reply (app->bus, message, &new_pending, 2000); dbus_message_unref (message); - if (!new_pending) + if (!result || !new_pending) return; dbus_pending_call_set_notify (new_pending, handle_get_items, app, NULL); } -- 2.7.4 From 60048931e054a39120edba1cb6531d72e803be60 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 17:01:03 +0100 Subject: [PATCH 09/16] [prevent][36018] Fix for unchecked return value Change-Id: I79eba8a9907b44a0ea349eaab0ab2704284a200f --- registryd/deviceeventcontroller.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/registryd/deviceeventcontroller.c b/registryd/deviceeventcontroller.c index a7d3769..fedf927 100644 --- a/registryd/deviceeventcontroller.c +++ b/registryd/deviceeventcontroller.c @@ -933,6 +933,7 @@ send_and_allow_reentry (DBusConnection *bus, DBusMessage *message, int timeout, { const char *dest = dbus_message_get_destination (message); GSList *l; + dbus_bool_t result; gchar *bus_name_dup; dbus_message_ref (message); dbus_pending_call_set_notify (pending, reset_hung_process, message, 
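Review bot: In PATCH 08 (`handle_get_bus_address`) `DBusPendingCall *new_pending;` is still declared without an initialiser, unlike `pending = NULL` in `check_for_hang` and `get_application` elsewhere in this series. With the new test `!result || !new_pending`, only the operand order keeps `new_pending` from being read if the send fails before libdbus has written to it. Declaring it as `DBusPendingCall *new_pending = NULL;` makes the check independent of that ordering.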
@@ -942,9 +943,9 @@ send_and_allow_reentry (DBusConnection *bus, DBusMessage *message, int timeout, "Ping"); if (!message) return NULL; - dbus_connection_send_with_reply (bus, message, &pending, -1); + result = dbus_connection_send_with_reply (bus, message, &pending, -1); dbus_message_unref (message); - if (!pending) + if (!result || !pending) return NULL; bus_name_dup = g_strdup (dest); dbus_pending_call_set_notify (pending, reset_hung_process_from_ping, -- 2.7.4 From d18befe7494d4db7b7f8fd039561e501c24a6388 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 19:31:00 +0100 Subject: [PATCH 10/16] [prevent][23957] Remove logically dead code Change-Id: I63b4a859375ba2813b6805db8d00521a41fe699e --- atspi/atspi-event-listener.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atspi/atspi-event-listener.c b/atspi/atspi-event-listener.c index 5c4b442..be04ad2 100644 --- a/atspi/atspi-event-listener.c +++ b/atspi/atspi-event-listener.c @@ -871,7 +871,7 @@ detail_matches_listener (const char *event_detail, const char *listener_detail) return TRUE; if (!event_detail) - return (listener_detail ? FALSE : TRUE); + return FALSE; return !(listener_detail [strcspn (listener_detail, ":")] == '\0' ? strncmp (listener_detail, event_detail, -- 2.7.4 From 3bcab0221fd5bbf0393ec54d4267e613bf1bb625 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 19:36:08 +0100 Subject: [PATCH 11/16] [prevent][35992] Fix for resource leakage Change-Id: Iee9baa0546c1aee54cd9fbea4e37b63360767759 --- atspi/atspi-collection.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/atspi/atspi-collection.c b/atspi/atspi-collection.c index f4e33ef..c893b49 100644 --- a/atspi/atspi-collection.c +++ b/atspi/atspi-collection.c 
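Review bot: In PATCH 09 (`send_and_allow_reentry`) the `dbus_pending_call_set_notify (pending, reset_hung_process_from_ping, ...)` call that follows the new check is itself unchecked, as is the earlier one with `reset_hung_process` in the first hunk. It returns a `dbus_bool_t` that is FALSE when memory runs out, in which case the callback is never installed and, presumably, `bus_name_dup` is never released by it. The series is about unchecked return values, so these calls belong in it. The same applies to `dbus_pending_call_set_notify (new_pending, handle_get_items, app, NULL)` in PATCH 08. Both functions extend beyond the hunks shown.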
@@ -81,10 +81,12 @@ static GArray * return_accessibles (DBusMessage *message) { DBusMessageIter iter, iter_array; - GArray *ret = g_array_new (TRUE, TRUE, sizeof (AtspiAccessible *)); + GArray *ret; _ATSPI_DBUS_CHECK_SIG (message, "a(so)", NULL, NULL); + ret = g_array_new (TRUE, TRUE, sizeof (AtspiAccessible *)); + dbus_message_iter_init (message, &iter); dbus_message_iter_recurse (&iter, &iter_array); -- 2.7.4 From 08ffe8cf81b44f282fa8b3c072772873e342e950 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 19:42:52 +0100 Subject: [PATCH 12/16] [prevent][24443] Fix for resource leakage Change-Id: Ie4377a46c1d96e2a88da9851e72e6aa7b5198d09 --- atspi/atspi-accessible.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/atspi/atspi-accessible.c b/atspi/atspi-accessible.c index 6612a21..db4688b 100644 --- a/atspi/atspi-accessible.c +++ b/atspi/atspi-accessible.c @@ -2058,10 +2058,12 @@ append_const_val (GArray *array, const gchar *val) GArray * atspi_accessible_get_interfaces (AtspiAccessible *obj) { - GArray *ret = g_array_new (TRUE, TRUE, sizeof (gchar *)); + GArray *ret; g_return_val_if_fail (obj != NULL, NULL); + ret = g_array_new (TRUE, TRUE, sizeof (gchar *)); + append_const_val (ret, "Accessible"); if (atspi_accessible_is_action (obj)) append_const_val (ret, "Action"); -- 2.7.4 From 2f30335eb4ead683a5803f8e77f37fb947b16410 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Fri, 16 Mar 2018 19:48:50 +0100 Subject: [PATCH 13/16] [prevent][40806] Fix for dereference after null check Change-Id: Ic7239f40dcd5270a6fa4edf95daf30459ebfcdd4 --- atspi/atspi-accessible.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atspi/atspi-accessible.c b/atspi/atspi-accessible.c index db4688b..e018379 100644 --- a/atspi/atspi-accessible.c +++ b/atspi/atspi-accessible.c 
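Review bot: In PATCH 11 (`return_accessibles`) and PATCH 12 (`atspi_accessible_get_interfaces`) nothing records why the allocation now sits below the check, so a later tidy-up could move the initialiser back to the declaration and reintroduce the leak. `g_return_val_if_fail` can leave the function and `_ATSPI_DBUS_CHECK_SIG` appears to do the same; a one-line comment such as `/* allocate only after the check above, which may return early */` above each `g_array_new` call would keep that visible.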
@@ -173,7 +173,7 @@ atspi_accessible_dispose (GObject *object) g_object_unref (accessible); child->accessible_parent = NULL; } - g_object_unref (child); + g_clear_object (&child); } g_list_free (children); -- 2.7.4 From d3c1fc8c5aca4fca78c0c04580c9e4532eba8ff2 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Tue, 20 Mar 2018 17:19:37 +0100 Subject: [PATCH 14/16] [prevent][38682] Fix for resource leak Change-Id: Iea61c399f59d2ddb2b55768f325c3005e01cfcf3 --- atspi/atspi-event-listener.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/atspi/atspi-event-listener.c b/atspi/atspi-event-listener.c index be04ad2..4f59939 100644 --- a/atspi/atspi-event-listener.c +++ b/atspi/atspi-event-listener.c @@ -766,6 +766,7 @@ atspi_event_listener_deregister_from_callback (AtspiEventListenerCB callback, GPtrArray *matchrule_array; gint i; GList *l; + gboolean result = TRUE; if (!convert_event_type_to_dbus (event_type, &category, &name, &detail, &matchrule_array)) { @@ -800,8 +801,10 @@ atspi_event_listener_deregister_from_callback (AtspiEventListenerCB callback, atspi_path_registry, atspi_interface_registry, "DeregisterEvent"); - if (!message) - return FALSE; + if (!message) { + result = FALSE; + break; + } dbus_message_append_args (message, DBUS_TYPE_STRING, &event_type, DBUS_TYPE_INVALID); reply = _atspi_dbus_send_with_reply_and_block (message, error); if (reply) @@ -817,7 +820,7 @@ atspi_event_listener_deregister_from_callback (AtspiEventListenerCB callback, for (i = 0; i < matchrule_array->len; i++) g_free (g_ptr_array_index (matchrule_array, i)); g_ptr_array_free (matchrule_array, TRUE); - return TRUE; + return result; } /** -- 2.7.4 From 02ed09df218988d25d8490075f9cb5052d1f29cb Mon Sep 17 00:00:00 2001 
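Review bot: In PATCH 14 (`atspi_event_listener_deregister_from_callback`) the `!message` branch now reports failure through `result = FALSE` but never fills in `error`, although the function passes `error` on to `_atspi_dbus_send_with_reply_and_block` a few lines later. A caller that sees FALSE gets no reason; if `error` is a `GError **`, calling `g_set_error_literal` before the `break` would follow the usual convention. The `break` also skips the rest of the loop body, which is not visible here; if the listener entry has already been unlinked from the list by that point, whatever frees it is skipped as well.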
From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Tue, 20 Mar 2018 18:01:04 +0100 Subject: [PATCH 15/16] [prevent][33973] Fix for unchecked return value Change-Id: I528adb092e1f8361dfbcb95ecc2d307587e26aac --- atspi/atspi-misc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/atspi/atspi-misc.c b/atspi/atspi-misc.c index b36ece0..e102c9b 100644 --- a/atspi/atspi-misc.c +++ b/atspi/atspi-misc.c @@ -872,7 +872,8 @@ atspi_init (void) bus = atspi_get_a11y_bus (); if (!bus) return 2; - dbus_bus_register (bus, NULL); + if (!dbus_bus_register (bus, NULL)) + return 2; atspi_dbus_connection_setup_with_g_main(bus, g_main_context_default()); dbus_connection_add_filter (bus, atspi_dbus_filter, NULL, NULL); match = g_strdup_printf ("type='signal',interface='%s',member='AddAccessible'", atspi_interface_cache); -- 2.7.4 From 32e740ae48265f78d66f85be61251ccb789f994f Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pawe=C5=82=20Stawicki?= Date: Tue, 20 Mar 2018 18:32:38 +0100 Subject: [PATCH 16/16] [prevent][38358] Fix for resource leak Change-Id: I26e7404fa047899f55d4150e2ed427aa097a681f --- test/at_spi2_tool.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/at_spi2_tool.c b/test/at_spi2_tool.c index fb9739a..7039fb5 100644 --- a/test/at_spi2_tool.c +++ b/test/at_spi2_tool.c @@ -670,6 +670,7 @@ static void _at_spi_client_enable(gboolean enabled) { static GDBusProxy *proxy = NULL; //we keep proxy (dbus connection) until program exits GVariant *result; + GVariant *enabled_variant; GError *error = NULL; GDBusProxyFlags flags = G_DBUS_PROXY_FLAGS_NONE; 
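Review bot: In PATCH 15 (`atspi_init`) the new failure branch calls `dbus_bus_register (bus, NULL)`, so the reason for the failure is discarded, and it returns the same code 2 as the `!bus` case just above. Someone diagnosing a broken accessibility bus cannot tell a missing bus from a refused registration. Passing a `DBusError` and logging its message keeps the return value compatible while making the failure visible. Whether `bus` needs releasing on this path depends on `atspi_get_a11y_bus`, which is outside the hunk.

```c
  DBusError err;
  /* … unchanged: atspi_get_a11y_bus() and the !bus check … */
  dbus_error_init (&err);
  if (!dbus_bus_register (bus, &err))
    {
      g_warning ("AT-SPI: could not register with the accessibility bus: %s",
                 dbus_error_is_set (&err) ? err.message : "unknown error");
      dbus_error_free (&err);
      return 2;
    }
```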
@@ -690,13 +691,16 @@ static void _at_spi_client_enable(gboolean enabled) } } + enabled_variant = g_variant_new_boolean(enabled); result = g_dbus_proxy_call_sync(proxy, "Set", - g_variant_new ("(ssv)", "org.a11y.Status", "IsEnabled", g_variant_new_boolean(enabled)), + g_variant_new ("(ssv)", "org.a11y.Status", "IsEnabled", enabled_variant), G_DBUS_CALL_FLAGS_NONE, -1, NULL, &error); + if (enabled_variant) + g_variant_unref(enabled_variant); if (result) g_variant_unref(result); -- 2.7.4
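Review bot: In PATCH 16 (`_at_spi_client_enable`) the added `g_variant_unref(enabled_variant)` releases a reference this function does not own. `g_variant_new_boolean` returns a floating reference that `g_variant_new ("(ssv)", ...)` sinks into the tuple, and `g_dbus_proxy_call_sync` consumes the floating tuple, so by the time the call returns the boolean has normally been freed along with its container and the extra unref is a use-after-free. The original code did not leak; drop the two added lines `if (enabled_variant)` / `g_variant_unref(enabled_variant);`, or take an explicit reference with `g_variant_ref_sink` before building the tuple if the local really must be released here.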