1. 26 Mar, 2013 1 commit
  2. 05 Mar, 2013 1 commit
  3. 01 Mar, 2013 3 commits
  4. 15 Feb, 2013 2 commits
  5. 12 Feb, 2013 1 commit
  6. 11 Feb, 2013 2 commits
  7. 08 Feb, 2013 2 commits
  8. 06 Feb, 2013 5 commits
    • Alan Coopersmith's avatar
      Avoid memory leak in ddc resort() if find_header() fails · 73974dd7
      Alan Coopersmith authored
      Call find_header first, returning on failure before calling malloc.
      Signed-off-by: Alan Coopersmith's avatarAlan Coopersmith <alan.coopersmith@oracle.com>
      Reviewed-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
      73974dd7
    • Alan Coopersmith's avatar
      xf86XvMCScreenInit: Avoid leak if dixRegisterPrivateKey fails · b1129a1f
      Alan Coopersmith authored
      Found by parfait 1.1 memory analyser:
         Memory leak of pointer 'pAdapt' allocated with malloc((88 * num_adaptors))
              at line 162 of hw/xfree86/common/xf86xvmc.c in function 'xf86XvMCScreenInit'.
                'pAdapt' allocated at line 158 with malloc((88 * num_adaptors)).
      Signed-off-by: Alan Coopersmith's avatarAlan Coopersmith <alan.coopersmith@oracle.com>
      Reviewed-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
      b1129a1f
    • Alan Coopersmith's avatar
      Avoid memory leak on realloc failure in localRegisterFreeBoxCallback · 563db909
      Alan Coopersmith authored
      Also avoids leaving invalid pointers in structures if realloc had to
      move them elsewhere to make them larger.
      
      Found by parfait 1.1 code analyzer:
         Memory leak of pointer 'newCallbacks' allocated with realloc(((char*)offman->FreeBoxesUpdateCallback), (8 * (offman->NumCallbacks + 1)))
              at line 328 of hw/xfree86/common/xf86fbman.c in function 'localRegisterFreeBoxCallback'.
                'newCallbacks' allocated at line 320 with realloc(((char*)offman->FreeBoxesUpdateCallback), (8 * (offman->NumCallbacks + 1))).
                newCallbacks leaks when newCallbacks != NULL at line 327.
         Memory leak of pointer 'newPrivates' allocated with realloc(((char*)offman->devPrivates), (8 * (offman->NumCallbacks + 1)))
              at line 328 of hw/xfree86/common/xf86fbman.c in function 'localRegisterFreeBoxCallback'.
                'newPrivates' allocated at line 324 with realloc(((char*)offman->devPrivates), (8 * (offman->NumCallbacks + 1))).
                newPrivates leaks when newCallbacks == NULL at line 327.
      Signed-off-by: Alan Coopersmith's avatarAlan Coopersmith <alan.coopersmith@oracle.com>
      Reviewed-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
      563db909
    • Alan Coopersmith's avatar
      Avoid NULL pointer dereference in xf86TokenToOptinfo if token not found · 08f75d3a
      Alan Coopersmith authored
      Reported by parfait 1.1 code analyzer:
      
      Error: Null pointer dereference (CWE 476)
         Read from null pointer 'p'
              at line 746 of hw/xfree86/common/xf86Option.c in function 'xf86TokenToOptName'.
                Function 'xf86TokenToOptinfo' may return constant 'NULL' at line 721, called at line 745.
                Null pointer introduced at line 721 in function 'xf86TokenToOptinfo'.
      Signed-off-by: Alan Coopersmith's avatarAlan Coopersmith <alan.coopersmith@oracle.com>
      Reviewed-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
      08f75d3a
    • Alan Coopersmith's avatar
      Make xf86ValidateModes actually copy clock range list to screen pointer · c1c01e35
      Alan Coopersmith authored
      Our in-house parfait 1.1 code analysis tool complained that every exit
      path from xf86ValidateModes() in hw/xfree86/common/xf86Mode.c leaks the
      storeClockRanges allocation made at line 1501 with XNFalloc.
      
      Investigating, it seems that this code to copy the clock range list to
      the clockRanges list in the screen pointer is just plain insane, and
      according to git, has been since we first imported it from XFree86.
      
      We start at line 1495 by walking the linked list from scrp->clockRanges
      until we find the end.  But that was just a diversion, since we've found
      the end and immediately forgotten it, and thus at 1499 we know that
      storeClockRanges is NULL, but that's not a problem since we're going to
      immediately overwrite that value as the first thing in the loop.
      
      So we move on through this loop at 1499, which takes us through the
      linked list from the clockRanges variable, and for every entry in
      that list allocates a new structure and copies cp to it.  If we've
      not filled in the screen's clockRanges pointer yet, we set it to
      the first storeClockRanges we copied from cp.   Otherwise, as best
      I can tell, we just drop it into memory and let it leak away, as
      parfait warned.
      
      And then we hit the loop action, which if we haven't hit the end of
      the cp list, advances cp to the next item in the list, and then just
      for the fun of it, also sets storeClockRanges to the ->next pointer it
      has just copied from cp as well, even though it's going to overwrite
      it as the very first instruction in the loop body.
      
      v2: rewritten using nt_list_* macros from Xorg's list.h header
      Signed-off-by: Alan Coopersmith's avatarAlan Coopersmith <alan.coopersmith@oracle.com>
      Reviewed-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
      c1c01e35
  9. 11 Jan, 2013 5 commits
  10. 09 Jan, 2013 1 commit
  11. 17 Dec, 2012 1 commit
  12. 12 Dec, 2012 2 commits
  13. 06 Dec, 2012 1 commit
  14. 28 Nov, 2012 2 commits
  15. 21 Nov, 2012 1 commit
  16. 19 Nov, 2012 1 commit
  17. 05 Nov, 2012 2 commits
  18. 29 Oct, 2012 1 commit
  19. 19 Oct, 2012 1 commit
  20. 11 Oct, 2012 1 commit
  21. 08 Oct, 2012 1 commit
    • Peter Hutterer's avatar
      xfree86: add xf86UpdateDesktopDimensions() · 0a75bd64
      Peter Hutterer authored
      This call is required for external drivers (specifically NVIDIA) that do
      not share the xfree86 infrastructure to update the desktop dimensions.
      Without it, the driver would update the ScreenRecs but not update the total
      dimensions the input code relies on for transformation.
      
      This call is a thin wrapper around the already-existing internal call and
      should be backported to all stable series servers, with the minor ABI bump.
      Signed-off-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
      CC: Andy Ritger <aritger@nvidia.com>
      Reviewed-by: Aaron Plattner's avatarAaron Plattner <aplattner@nvidia.com>
      0a75bd64
  22. 04 Oct, 2012 2 commits
  23. 23 Sep, 2012 1 commit