libxaw: Changes to 'upstream-unstable'
configure.ac | 2 +-
src/Text.c | 2 +-
src/TextAction.c | 9 +++++----
3 files changed, 7 insertions(+), 6 deletions(-)
New commits:
commit ffaad7ee2ef6e06b4585567df04f6b64356fb6fe
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Fri Jun 1 20:31:30 2012 -0700
libXaw 1.0.11
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/configure.ac b/configure.ac
index 2423263..3ed625e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
# Initialize Autoconf
AC_PREREQ([2.60])
-AC_INIT([libXaw], [1.0.10],
+AC_INIT([libXaw], [1.0.11],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXaw])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([config.h])
commit 52081b462ff7d1844d014bf9be887197caa88160
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat May 26 15:07:07 2012 -0700
Only call XawStackFree if XawStackAlloc was used for allocation
In FormParagraph() in TextAction.c, the #if OLDXAW case always uses
fixed length buffers, while the !OLDXAW case uses XawStackAlloc &
XawStackFree to switch to dynamic allocations when the buffers aren't
large enough.
A couple instances of XawStackFree slipped into the wrong side of
the #if checks though, so move them back where they belong. Also
reset pos afterwards, in the case we continue and may use it again,
to avoid the chance of a double free.
Found by the Parfait 0.5.0.1 bug checking tool:
Error: Free memory not allocated dynamically by alloc (CWE 590)
Free() was called on a pointer 'buf' to the auto variable 'buf'. Free() must only be used on dynamically allocated memory
at line 3946 of TextAction.c in function 'FormParagraph'.
'buf' allocated at line 0 as auto variable.
at line 4000 of TextAction.c in function 'FormParagraph'.
'buf' allocated at line 0 as auto variable.
Error: Use after free (CWE 416)
Use after free of pointer '&buf'
at line 3995 of TextAction.c in function 'FormParagraph'.
Previously freed at line 3946 with XtFree.
Error: Use after free
Double free (CWE 415): Double free of pointer '&buf' in call to XtFree
at line 4000 of TextAction.c in function 'FormParagraph'.
Previously freed at line 3946 with XtFree.
Double free (CWE 415): Double free of pointer '<unknown>' in call to XtFree
at line 4000 of TextAction.c in function 'FormParagraph'.
Previously freed at line 3946 with XtFree.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Acked-by: pcpa <paulo.cesar.pereira.de.andrade@gmail.com>
diff --git a/src/TextAction.c b/src/TextAction.c
index fe7e573..7b87ce4 100644
--- a/src/TextAction.c
+++ b/src/TextAction.c
@@ -3935,6 +3935,8 @@ FormParagraph(Widget w, XEvent *event, String *params, Cardinal *num_params)
}
if (FormRegion(ctx, from, to, pos, src->textSrc.num_text) == XawReplaceError) {
+ XawStackFree(pos, buf);
+ pos = buf;
#else
from = SrcScan(ctx->text.source, ctx->text.insertPos,
XawstParagraph, XawsdLeft, 1, False);
@@ -3943,7 +3945,6 @@ FormParagraph(Widget w, XEvent *event, String *params, Cardinal *num_params)
if (FormRegion(ctx, from, to, pos, 1) == XawReplaceError) {
#endif
- XawStackFree(pos, buf);
XBell(XtDisplay(w), 0);
#ifndef OLDXAW
if (undo) {
@@ -3991,13 +3992,13 @@ FormParagraph(Widget w, XEvent *event, String *params, Cardinal *num_params)
XawsdLeft, 1, False), False);
tw->text.clear_to_eol = True;
}
+ XawStackFree(pos, buf);
#else
ctx->text.old_insert = ctx->text.insertPos = *pos;
_XawTextBuildLineTable(ctx, SrcScan(ctx->text.source, ctx->text.lt.top,
XawstEOL, XawsdLeft, 1, False), False);
ctx->text.clear_to_eol = True;
#endif
- XawStackFree(pos, buf);
ctx->text.showposition = True;
EndAction(ctx);
commit ca35cff72a3100c9367b7e7f4811117c8733b8be
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat May 26 14:44:26 2012 -0700
Correct order of arguments to XawStackFree()
XawStackAlloc() & XawStackFree() are macros to automate the process of
using a fixed size stack buffer for strings smaller than the buffer size,
and allocating/freeing memory for larger strings.
XawStackFree is defined in src/Private.h as taking (pointer, stk_buffer)
and freeing pointer if it's not pointing to the stack buffer.
Most of the calls of this macro get the ordering right, but a couple
got it reversed, passing a stack buffer to free() instead of the
allocated pointer.
Found by the Parfait 0.5.0.1 bug checking tool:
Error: Free memory not allocated dynamically by alloc (CWE 590)
Free() was called on a pointer 'buf' to the auto variable 'buf'. Free() must only be used on dynamically allocated memory
at line 2281 of TextAction.c in function 'DoFormatText'.
'buf' allocated at line 0 as auto variable.
at line 2296 of TextAction.c in function 'DoFormatText'.
'buf' allocated at line 0 as auto variable.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Acked-by: pcpa <paulo.cesar.pereira.de.andrade@gmail.com>
diff --git a/src/TextAction.c b/src/TextAction.c
index 6705316..fe7e573 100644
--- a/src/TextAction.c
+++ b/src/TextAction.c
@@ -2278,7 +2278,7 @@ DoFormatText(TextWidget ctx, XawTextPosition left, Bool force, int level,
text.length = bytes;
bytes -= text.length;
if (_XawTextReplace(ctx, tmp, tmp, &text)) {
- XawStackFree(buf, text.ptr);
+ XawStackFree(text.ptr, buf);
return (XawEditError);
}
if (num_pos) {
@@ -2293,7 +2293,7 @@ DoFormatText(TextWidget ctx, XawTextPosition left, Bool force, int level,
}
position += count;
right += count;
- XawStackFree(buf, text.ptr);
+ XawStackFree(text.ptr, buf);
}
break;
}
commit 11c3a104141e1a4946ad949dfb5514df0b66a031
Author: pcpa <paulo.cesar.pereira.de.andrade@gmail.com>
Date: Tue May 22 20:42:32 2012 -0300
Correct undefined behavior access to out of scope pointer contents.
This problem is triggered in gcc 4.7 DCE (dead code elimination).
In the Xaw code, the local constant "String" is not guaranteed to
have global scope.
The problem was found when debugging the reason xedit built with
gcc 4.7 would be very unstable, and that happens regardless of using
a libXaw built with gcc 4.6.
Signed-off-by: pcpa <paulo.cesar.pereira.de.andrade@gmail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
diff --git a/src/Text.c b/src/Text.c
index 72387e9..a1ae74a 100644
--- a/src/Text.c
+++ b/src/Text.c
@@ -3146,7 +3146,7 @@ _XawTextSetSelection(TextWidget ctx, XawTextPosition l, XawTextPosition r,
if (nelems == 1 && !strcmp (list[0], "none"))
return;
if (nelems == 0) {
- String defaultSel = "PRIMARY";
+ static String defaultSel = "PRIMARY";
list = &defaultSel;
nelems = 1;
}
Reply to: