libICE : Dereferencing a possible NULL pointer in error.c
Submitted by mah..@..ng.com
Assigned to Xorg Project Team
Description
Created attachment 119532 Patch file
Component: LibICE
Version : 1.0.9
File where error is: src/error.c
Function where error is: _IceErrorSetupFailed
Line of Error: 188
In function _IceErrorSetupFailed at line 187, IceAllocScratch is used to allocate memory for the variables pStart and pBuf.
IceAllocScratch uses malloc for memory allocation, and malloc can return NULL on failure. So before dereferencing pStart and pBuf, a NULL check must be applied.
Suggested patch:
diff --git a/src/error.c b/src/error.c
index 9187256..fc50722 100644
--- a/src/error.c
+++ b/src/error.c
@@ -184,9 +184,11 @@ _IceErrorSetupFailed (
WORD64COUNT (bytes));
pBuf = pStart = IceAllocScratch (iceConn, PADDED_BYTES64 (bytes));
- STORE_STRING (pBuf, reason);
-
- IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+ if (!pStart)
+ {
+ STORE_STRING (pBuf, reason);
+ IceWriteData (iceConn, PADDED_BYTES64 (bytes), pStart);
+ }
IceFlush (iceConn);
}
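Review bot: the new guard `if (!pStart)` is inverted. As written, STORE_STRING and IceWriteData run only when IceAllocScratch returned NULL, which is exactly the dereference the report sets out to prevent, and they are skipped whenever the allocation succeeded, so the reason string is never sent. The condition should be `if (pStart)` (or `if (pStart != NULL)`). Since pBuf and pStart are assigned from the same call, testing one of them is enough. Also note that IceFlush (iceConn) still runs unconditionally after the block, and the length WORD64COUNT (bytes) has already been passed to the preceding call, so on allocation failure the flushed message would announce data that is never written. It is worth deciding whether that path should return early or otherwise signal the failure rather than silently skipping the payload. The same polarity check applies to the similar cases in the attached patch file.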
There are many similar cases in error.c, please check attached patch file.
Attachment 119532, "Patch file":
0001-libICE-Dereferencing-a-possible-NULL-pointer-in-erro.patch
Version: git