From a767164a8e4467a5faa1265536f05a4bea8f8df0 Mon Sep 17 00:00:00 2001
From: mahendra <mahendra.n@samsung.com>
Date: Tue, 10 Nov 2015 14:01:39 +0530
Subject: [PATCH] libICE : Dereferencing a possible NULL pointer in error.c

In function _IceErrorSetupFailed at line no 188, IceAllocScratch is used to
allocate memory for variable pStart and pBuf.

IceAllocScratch uses malloc for memory allocation, and malloc can return
NULL on failure, so a NULL check must be applied before pStart and pBuf
are dereferenced.

v2 (by alanc): correct inverted tests for NULL from original patch

Closes: #5
Signed-off-by: mahendra <mahendra.n@samsung.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libice/-/merge_requests/22>
---
 src/error.c | 40 +++++++++++++++++++++++++---------------
 1 file changed, 25 insertions(+), 15 deletions(-)

diff --git a/src/error.c b/src/error.c
index 055452e..1c67ffe 100644
--- a/src/error.c
+++ b/src/error.c
@@ -184,9 +184,11 @@ _IceErrorSetupFailed (
 	WORD64COUNT (bytes));
 
     pBuf = pStart = IceAllocScratch (iceConn, PADDED_BYTES64 (bytes));
-    STORE_STRING (pBuf, reason);
-
-    IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+    if (pStart != NULL)
+    {
+        STORE_STRING (pBuf, reason);
+        IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+    }
     IceFlush (iceConn);
 }
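Review bot: When IceAllocScratch returns NULL, the new `if (pStart != NULL)` block skips STORE_STRING and IceWriteData but IceFlush still runs, and the call ending in `WORD64COUNT (bytes));` just above the allocation looks like the error header that has already declared that many words of payload. If that is the case, the peer receives a header whose announced length is never followed by data and may consume the next message's bytes as the reason string, leaving the stream out of sync. Consider obtaining the scratch buffer before the header is queued and leaving early with `if (pStart == NULL) return;`, or otherwise treating the connection as unusable on this path. The same pattern appears in the hunks for _IceErrorAuthenticationRejected, _IceErrorAuthenticationFailed, _IceErrorProtocolDuplicate and _IceErrorUnknownProtocol. Each function starts above its hunk, so the header call is inferred from its visible tail only.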
 
@@ -213,9 +215,11 @@ _IceErrorAuthenticationRejected (
 	WORD64COUNT (bytes));
 
     pBuf = pStart = IceAllocScratch (iceConn, PADDED_BYTES64 (bytes));
-    STORE_STRING (pBuf, reason);
-
-    IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+    if (pStart != NULL)
+    {
+        STORE_STRING (pBuf, reason);
+        IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+    }
     IceFlush (iceConn);
 }
 
@@ -242,9 +246,11 @@ _IceErrorAuthenticationFailed (
 	WORD64COUNT (bytes));
 
     pBuf = pStart = IceAllocScratch (iceConn, PADDED_BYTES64 (bytes));
-    STORE_STRING (pBuf, reason);
-
-    IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+    if (pStart != NULL)
+    {
+        STORE_STRING (pBuf, reason);
+        IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+    }
     IceFlush (iceConn);
 }
 
@@ -270,9 +276,11 @@ _IceErrorProtocolDuplicate (
 	WORD64COUNT (bytes));
 
     pBuf = pStart = IceAllocScratch (iceConn, PADDED_BYTES64 (bytes));
-    STORE_STRING (pBuf, protocolName);
-
-    IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+    if (pStart != NULL)
+    {
+        STORE_STRING (pBuf, protocolName);
+        IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+    }
     IceFlush (iceConn);
 }
 
@@ -318,9 +326,11 @@ _IceErrorUnknownProtocol (
 	WORD64COUNT (bytes));
 
     pBuf = pStart = IceAllocScratch (iceConn, PADDED_BYTES64 (bytes));
-    STORE_STRING (pBuf, protocolName);
-
-    IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+    if (pStart != NULL)
+    {
+        STORE_STRING (pBuf, protocolName);
+        IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+    }
     IceFlush (iceConn);
 }
 
-- 
GitLab