| Age | Commit message (Collapse) | Author |
|---|
|
Reported by a static analysis tool:
9. libXfont2-2.0.6/src/stubs/atom.c:179:5:
alloc_fn: Storage is returned from allocation function "malloc".
10. libXfont2-2.0.6/src/stubs/atom.c:179:5:
var_assign: Assigning: "a" = storage returned from
"malloc(24UL + len + 1UL)".
16. libXfont2-2.0.6/src/stubs/atom.c:194:6:
leaked_storage: Variable "a" going out of scope leaks the
storage it points to.
# 192| if ((ResizeHashTable() == FALSE) &&
# 193| ((hashTable == NULL) || (hashUsed == hashSize)))
# 194|-> return None;
# 195| h = hash & hashMask;
# 196| if (hashTable[h]) {
Fixes: 78085e6b683b ("stubs/atom.c: check for ResizeHashTable failure")
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libxfont/-/merge_requests/27>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Code that used it was removed in commit 632a2e90a4b209facc
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Handles warning from Oracle Parfait 11.2 static analyzer:
Error: Misleading macro
Misleading macro [misleading-macro]:
misleading evaluation of '/' operator in expansion of macro SCORE2 due to missing parentheses
at line 299 of src/bitmap/bitscale.c.
'/' operator has lower precedence than '/' operator inside macro body at line 438
low precedence '/' operator is hidden by expansion of macro argument m at line 299
Misleading macro [misleading-macro]:
misleading evaluation of '/' operator in expansion of macro SCORE2 due to missing parentheses
at line 299 of src/bitmap/bitscale.c.
binary '*' operator has lower precedence than '/' operator inside macro body at line 440
low precedence binary '*' operator is hidden by expansion of macro argument m at line 299
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Position should be stored in an off_t, not an int, and the
"whence" arg should use symbolic constants instead of raw numbers.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Oracle no longer includes this term in our copyright & license notices.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
This avoids undefined behavior (left shift overflow in signed integer type)
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
|
The great libxfont2 rewrite 135fb032e940ce226c9feb13e6e903f3ecbc5eb0 split
fs_wakeup into fs_wakeup and fs_fd_handler. The fs_fd_handler side is
called when there is new data on the socket. The fs_wakeup side is called
on a timeout.
If there's a connection timeout, the block handler will set the timeout
to zero, expecting fs_wakeup to handle the timeout. Therefore, we need to
call _fs_check_reconnect in fs_wakeup to handle the connection timeout.
If we don't, the X server will go to 100% CPU (and the font server
connection will not be retried).
Signed-off-by: Peter Harris <pharris@opentext.com>
|
|
This is the preferred usage form for libbsd, as it makes the code more
portable and requires no special includes for libbsd, by transparently
injects the needed standard headers that would be used on a BSD.
Signed-off-by: Guillem Jover <guillem@hadrons.org>
|
|
When dirName is "" (eg. when called by BuiltinReadDirectory),
FontFileMakeDir would read after the string when WIN32 is defined.
Fix the overrun issue by checking the location of the found :
before adding two.
Signed-off-by: Peter Harris <pharris@opentext.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Commit 6c29007756301 removed OS/2 support from the code,
but missed updating the comments to match.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Regressed-in: 6972ea08ee5b2ef1cfbdc2fcaf14f06bbd391561
Fixes: https://gitlab.freedesktop.org/xorg/lib/libxfont/-/issues/13
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
|
Found by using:
codespell --builtin clear,rare,usage,informal,code,names
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
BuiltinReadDirectory() calls FontFileMakeDir ("", builtin_dir_count); and
this causes the `dirName[dirlen - 1]` access to read before the start of
the string. I found this while porting Xvnc to CHERI-RISC-V (which has
bounds and permissions on all pointers).
|
|
If there are multiple blocks waiting for the same font, only one of them
will have ->freeFont set. The rest will be in a state of FS_DEPENDING.
If the font server dies before the font finishes opening, the block with
->freeFont set will call ->unload_font, invalidating the pfont pointers
in the remaining FS_DEPENDING blocks.
Avoid a use after free (and potential crash) by passing conn to
fs_cleanup_font instead of dereferencing pfont to find the conn.
Signed-off-by: Peter Harris <pharris@opentext.com>
|
|
Always initialize the return value of fs_new_block_rec. Even if the
conn->blockState is FS_BROKEN_CONNECTION | FS_RECONNECTING, we must not
return with an uninitialized blockrec on the block list. When the
blockrec times out, _fs_clean_aborted_blockrec calls fs_cleanup_bfont,
which will try to follow pointers in the blockrec (which has not been
initialized).
Signed-off-by: Peter Harris <pharris@opentext.com>
|
|
Provide Win32 replacements for realpath() and err.h
|
|
Resolves coverity warning def16 from the list in
https://gitlab.freedesktop.org/xorg/lib/libxfont/issues/6
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
None of the callers of CatalogueRescan check for failure before accessing
the cat pointer so don't free it (especially without clearing the pointer
to it in fpe->private), just unref the contents.
Can only be triggered if somehow stat() succeeds on the directory, but
opendir fails anyway (removed between the calls? permission problem?).
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Resolves coverity warning def23 from the list in
https://gitlab.freedesktop.org/xorg/lib/libxfont/issues/6
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
Quiets:
src/util/fontxlfd.c: In function ‘FontParseXLFDName’:
src/util/fontxlfd.c:450:14: warning: this statement may fall through [-Wimplicit-fallthrough=]
replaceChar = '*';
~~~~~~~~~~~~^~~~~
src/util/fontxlfd.c:451:5: note: here
case FONT_XLFD_REPLACE_ZERO:
^~~~
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Introduces mallocarray as a macro calling reallocarray with a NULL
pointer for the old allocation.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Implementation copied from the Xserver
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Replace strcpy, strcat, sprintf with strlcpy, strlcat, snprintf
everywhere, even where there were already bounds checks in place,
to reduce time spent checking static analysis results.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Implementations copied from the Xserver
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=99882
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
A non-privileged X client can instruct X server running under root to open any
file by creating own directory with "fonts.dir", "fonts.alias" or any font file
being a symbolic link to any other file in the system. X server will then open
it. This can be issue with special files such as /dev/watchdog.
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
Without the checks a malformed PCF file can cause the library to make
atom from random heap memory that was behind the `strings` buffer.
This may crash the process or leak information.
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|
If a pattern contains '?' character, any character in the string is skipped,
even if it is '\0'. The rest of the matching then reads invalid memory.
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|
gcc6 chirps an indentation warning here, but really this is bad code.
Effectively this would ignore en_US or en_UK names for the font, despite
that those are the English names the font is most likely to have.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=83224
Found by clang's Address Sanitizer
crac.num_auths = set_font_authorizations(&authorizations, &authlen,
client);
/* Work around bug in xfs versions up through modular release 1.0.8
which rejects CreateAC packets with num_auths = 0 & authlen < 4 */
if (crac.num_auths == 0) {
authorizations = padding;
authlen = 4;
} else {
authlen = (authlen + 3) & ~0x3;
}
crac.length = (sizeof (fsCreateACReq) + authlen) >> 2;
crac.acid = cur->acid;
_fs_add_req_log(conn, FS_CreateAC);
_fs_write(conn, (char *) &crac, sizeof (fsCreateACReq));
_fs_write(conn, authorizations, authlen);
In the case in the report, set_font_authorizations setup authorizations as a
34 byte buffer (and authlen set to 34 as one would expect). The following
block changed authlen to 36 to make it 4byte aligned and the final _fs_write()
caused us to read 36 bytes from this 34 byte buffer.
This changes the incorrect size increase to instead use _fs_write_pad which
takes care of the padding for us.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
|
The point of it seems to have been to silence an unused function warning, but
there's no point if we're just transitioning that to another unused function
warning.
src/fc/fstrans.c:32:20: warning: unused function 'foo' [-Wunused-function]
static inline void foo(void) { (void) is_numeric("a"); }
^
1 warning generated.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
src/fc/fserve.c:653:32: warning: format specifies type 'int' but the argument has type 'CARD32' (aka 'unsigned long') [-Wformat]
" from font server\n", rep->length);
^~~~~~~~~~~
1 warning generated.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
|
calloc for 0 bytes
Found by clang static analysis:
Call to 'calloc' has an allocation size of 0 bytes
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
|
Found by clang static analysis:
Result of 'calloc' is converted to a pointer of type 'int', which is
incompatible with sizeof operand type 'int *'
This is likely benign because the old size was larger on any platform where
sizeof(int) <= sizeof(void *), which is everywhere.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
|
|
|
This eliminates the weak symbol adventures and makes all of the calls
back to the X server or Font server go through a table of functions
instead, clarifying the required API.
As this is a rather major change to the API for the library, it now
installs itself as libXfont2 instead of libXfont, and the package
config file is now xfont2.pc.
All of the installed headers remain the same as the original library;
there's now a new include file, libxfont2.h, which defines the X
server and Font server interfaces.
This moves util/atom.c to stubs/atom.c and reformats that file, hence
the diff being larger than it would otherwise be.
v2: Rename to libXfont2 instead of libXfont_2 as suggested by Emil Velikov
Fix whitespace in stubs/atom.c, which was moved from util/
v3: Remove select masks from API. Expose single 'font_init' function
for all library initialization.
v4: Change name of distributed tarballs to libXfont2 as well
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
Mostly signed vs unsigned comparisons
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
Lesser of two evil hacks, I suppose...
This reverts commit 0386fa77367a305deea3cc27f8a3865cc3c467c0.
|
|
stubs resolution
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
