fix prevent bug

Change-Id: I64e92ca033898c2105637550d3591c0300c77257

diff --git a/bin/xdbg/xdbg.c b/bin/xdbg/xdbg.c
index d0722db..0b40117 100644 (file)
--- a/bin/xdbg/xdbg.c
+++ b/bin/xdbg/xdbg.c
@@ -53,8 +53,8 @@ int main(int argc, char ** argv)
     Display *dpy;
     char **new_argv;
     int new_argc, i;
-    char temp[128];
-    char cwd[128];
+    char temp[1024];
+    char cwd[1024];
     dpy = XOpenDisplay (NULL);
     if (!dpy)
     {

diff --git a/bin/xevlog_analyze/xevlog_analyze.c b/bin/xevlog_analyze/xevlog_analyze.c
index 7509aa1..fa5bef7 100644 (file)
--- a/bin/xevlog_analyze/xevlog_analyze.c
+++ b/bin/xevlog_analyze/xevlog_analyze.c
@@ -212,6 +212,8 @@ static void _xEvlogAnalyzePrint (EvlogOption *eo, char* reply, int* len)
             GOTO_IF_FAIL (read_len == sizeof(EvlogRequest), print_done);
             total += read_len;
 
+            GOTO_IF_FAIL ((evinfo.req.length * 4) < SSIZE_MAX, print_done);
+
             evinfo.req.ptr = malloc (evinfo.req.length * 4);
             GOTO_IF_FAIL (evinfo.req.ptr != NULL, print_done);
 
@@ -277,8 +279,14 @@ static void _xEvlogAnalyzePrint (EvlogOption *eo, char* reply, int* len)
                     xorg_list_init(&evinfo.evatom.list);
                     evinfo.evatom.init = 1;
                 }
+
                 read_len = read (fd, table, sizeof (EvlogAtomTable));
-                GOTO_IF_FAIL (read_len == sizeof(EvlogAtomTable), print_done);
+                if (read_len != sizeof(EvlogAtomTable))
+                {
+                    WARNING_IF_FAIL (read_len == sizeof(EvlogAtomTable));
+                    free (table);
+                    goto print_done;
+                }
                 total += read_len;
 
                 xorg_list_add(&table->link, &evinfo.evatom.list);

diff --git a/common/xdbg_evlog.c b/common/xdbg_evlog.c
index 618f00b..6f65964 100644 (file)
--- a/common/xdbg_evlog.c
+++ b/common/xdbg_evlog.c
@@ -496,7 +496,7 @@ xDbgEvlogFillLog (EvlogInfo *evinfo, int detail_level, char *reply, int *len)
 
 void xDbgDistroyAtomList (EvlogInfo *evinfo)
 {
-    EvlogAtomTable *cur, *next;
+    EvlogAtomTable *cur = NULL, *next = NULL;
 
     if (!evinfo->evatom.init)
         return;
@@ -513,7 +513,7 @@ void xDbgDistroyAtomList (EvlogInfo *evinfo)
 
 void xDbgDistroyRegionList (EvlogInfo *evinfo)
 {
-    EvlogRegionTable *cur, *next;
+    EvlogRegionTable *cur = NULL, *next = NULL;
 
     if (!evinfo->evregion.init)
         return;

diff --git a/module/xdbg_module_evlog.c b/module/xdbg_module_evlog.c
index 2722891..cbfd9da 100644 (file)
--- a/module/xdbg_module_evlog.c
+++ b/module/xdbg_module_evlog.c
@@ -249,7 +249,7 @@ static void evtRecord (int fd, EvlogInfo *evinfo)
 
     if (evinfo->mask & EVLOG_MASK_REGION)
     {
-        EvlogRegionTable *table;
+        EvlogRegionTable *table = NULL;
 
         if (write (fd, &evinfo->evregion.size, sizeof (int)) == -1)
         {
@@ -351,11 +351,16 @@ static void evtPrint (EvlogType type, ClientPtr client, xEvent *ev, ReplyInfoRec
             else if (rep)
                 err = (xError *) rep->replyData;
 
-            evinfo.mask |= EVLOG_MASK_ERROR;
-            evinfo.err.errorCode = err->errorCode;
-            evinfo.err.resourceID = err->resourceID;
-            evinfo.err.minorCode = err->minorCode;
-            evinfo.err.majorCode = err->majorCode;
+            if (err)
+            {
+                evinfo.mask |= EVLOG_MASK_ERROR;
+                evinfo.err.errorCode = err->errorCode;
+                evinfo.err.resourceID = err->resourceID;
+                evinfo.err.minorCode = err->minorCode;
+                evinfo.err.majorCode = err->majorCode;
+            }
+            else
+                XDBG_NEVER_GET_HERE (MXDBG);
         }
     }