User: james Date: 06/06/19 20:19:41 Modified: xemacs/src ChangeLog dgif_lib.c fileio.c input-method-xlib.c md5.c nas.c scrollbar-x.c text.c vdb-posix.c window.c Log: Fix various problems found by static checkers: use of uninitialized values, dereferencing pointers before checking whether they are NULL, memory leaks, and incomplete checking of return values. <m3k67gpyhk.fsf(a)jerrypc.cs.usu.edu&gt; Revision Changes Path 1.89 +7 -0 XEmacs/xemacs/lwlib/ChangeLog Index: ChangeLog =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/lwlib/ChangeLog,v retrieving revision 1.88 retrieving revision 1.89 diff -u -p -r1.88 -r1.89 --- ChangeLog 2006/05/16 08:23:38 1.88 +++ ChangeLog 2006/06/19 18:19:33 1.89 ＠＠ -1,3 +1,10 ＠＠ +2006-06-16 Jerry James <james(a)xemacs.org&gt; + + * lwlib-Xlw.c (xlw_scrollbar_callback): Do not dereference + instance before checking whether it is NULL. + * xlwmenu.c (xlw_map_menu): Prevent uninitialized access to root + and waste. + 2006-05-16 Stephen J. Turnbull <stephen(a)xemacs.org&gt; * XEmacs 21.5.27 "fiddleheads" is released. 1.16 +2 -2 XEmacs/xemacs/lwlib/lwlib-Xlw.c Index: lwlib-Xlw.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/lwlib/lwlib-Xlw.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -p -r1.15 -r1.16 --- lwlib-Xlw.c 2005/11/26 11:45:59 1.15 +++ lwlib-Xlw.c 2006/06/19 18:19:33 1.16 ＠＠ -158,13 +158,13 ＠＠ xlw_scrollbar_callback (Widget widget, X XlwScrollBarCallbackStruct *data = (XlwScrollBarCallbackStruct *) call_data; scroll_event event_data; - scrollbar_values *val = - (scrollbar_values *) instance->info->val->scrollbar_data; + scrollbar_values *val; double percent; if (!instance || widget->core.being_destroyed) return; + val = (scrollbar_values *) instance->info->val->scrollbar_data; id = instance->info->id; percent = (double) (data->value - 1) / (double) (INT_MAX - 1); 1.42 +2 -2 XEmacs/xemacs/lwlib/xlwmenu.c Index: xlwmenu.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/lwlib/xlwmenu.c,v retrieving revision 1.41 retrieving revision 1.42 diff -u -p -r1.41 -r1.42 --- xlwmenu.c 2006/05/12 19:25:29 1.41 +++ xlwmenu.c 2006/06/19 18:19:33 1.42 ＠＠ -3630,8 +3630,8 ＠＠ xlw_map_menu (Time t) if (!mw->menu.pointer_grabbed) { XWindowAttributes ret; - Window parent,root; - Window *waste; + Window parent,root = 0UL; + Window *waste = NULL; unsigned int num_waste; lw_menu_active = True; 1.976 +18 -0 XEmacs/xemacs/src/ChangeLog Index: ChangeLog =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/ChangeLog,v retrieving revision 1.975 retrieving revision 1.976 diff -u -p -r1.975 -r1.976 --- ChangeLog 2006/06/19 18:10:17 1.975 +++ ChangeLog 2006/06/19 18:19:35 1.976 ＠＠ -1,5 +1,23 ＠＠ 2006-06-16 Jerry James <james(a)xemacs.org&gt; + * dgif_lib.c (DGifCloseFile): Do not dereference GifFile before + checking if it is NULL. Also fix a memory leak. + * fileio.c (Finsert_file_contents_internal): Remove dead code. + * input-method-xlib.c (XIM_SetGeometry): Do not dereference f or + xic before checking if they are NULL. + * md5.c (Fmd5): Check whether Lstream_read encountered an error. + * nas.c (Err): Fix a memory leak. + * scrollbar-x.c (x_free_scrollbar_instance): Do not dereference + instance->scrollbar_data before checking if it is NULL. + * text.c (eicmp_1): Move assertions to before the point where they + must be true for correctness. + * vdb-posix.c (vdb_fault_handler): Guard against a return from + ABORT(). + * window.c (change_window_height): Skip always true comparison in + the expansion of CURCHARSIZE. + +2006-06-16 Jerry James <james(a)xemacs.org&gt; + * alloc.c: Don't add MODULE_DEFINABLE_TYPE_COUNT to countof (lrecord_implementations_table); the latter is already big enough. 1.14 +5 -2 XEmacs/xemacs/src/dgif_lib.c Index: dgif_lib.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/dgif_lib.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -p -r1.13 -r1.14 --- dgif_lib.c 2004/05/06 12:12:13 1.13 +++ dgif_lib.c 2006/06/19 18:19:37 1.14 ＠＠ -366,10 +366,11 ＠＠ void DGifGetExtensionNext(GifFileType *G ******************************************************************************/ int DGifCloseFile(GifFileType *GifFile) { - GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + GifFilePrivateType *Private; if (GifFile == NULL) return -1; + Private = (GifFilePrivateType *)GifFile->Private; if (!IS_READABLE(Private)) { /* This file was NOT open for reading: */ ＠＠ -929,8 +930,10 ＠＠ ColorMapObject *MakeMapObject(int ColorC return((ColorMapObject *)NULL); Object->Colors = (GifColorType *)calloc(ColorCount, sizeof(GifColorType)); - if (Object->Colors == (GifColorType *)NULL) + if (Object->Colors == (GifColorType *)NULL) { + free(Object); return((ColorMapObject *)NULL); + } Object->ColorCount = ColorCount; Object->BitsPerPixel = BitSize(ColorCount); 1.105 +0 -1 XEmacs/xemacs/src/fileio.c Index: fileio.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/fileio.c,v retrieving revision 1.104 retrieving revision 1.105 diff -u -p -r1.104 -r1.105 --- fileio.c 2005/01/28 02:36:24 1.104 +++ fileio.c 2006/06/19 18:19:37 1.105 ＠＠ -2855,7 +2855,6 ＠＠ under Mule, is very difficult.) if (qxe_stat (XSTRING_DATA (filename), &st) < 0) { - if (fd >= 0) retry_close (fd); badopen: if (NILP (visit)) report_file_error ("Opening input file", filename); 1.22 +8 -3 XEmacs/xemacs/src/input-method-xlib.c Index: input-method-xlib.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/input-method-xlib.c,v retrieving revision 1.21 retrieving revision 1.22 diff -u -p -r1.21 -r1.22 --- input-method-xlib.c 2005/01/24 23:33:59 1.21 +++ input-method-xlib.c 2006/06/19 18:19:37 1.22 ＠＠ -384,13 +384,18 ＠＠ XIM_init_frame (struct frame *f) void XIM_SetGeometry (struct frame *f) { - XIC xic = FRAME_X_XIC (f); - XIMStyle style = FRAME_X_XIC_STYLE (f); + XIC xic; + XIMStyle style; XRectangle area; - if (!xic || !f) + if (!f) return; + xic = FRAME_X_XIC (f); + if (!xic) + return; + + style = FRAME_X_XIC_STYLE (f); if (style & XIMStatusArea) { /* Place Status Area in bottom right corner */ 1.16 +1 -1 XEmacs/xemacs/src/md5.c Index: md5.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/md5.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -p -r1.15 -r1.16 --- md5.c 2002/06/05 09:56:26 1.15 +++ md5.c 2006/06/19 18:19:37 1.16 ＠＠ -556,7 +556,7 ＠＠ file-coding or Mule support. Otherwise, Ibyte tempbuf[1024]; /* some random amount */ Bytecount size_in_bytes = Lstream_read (XLSTREAM (instream), tempbuf, sizeof (tempbuf)); - if (!size_in_bytes) + if (size_in_bytes <= 0) break; /* Process the bytes. */ 1.19 +1 -1 XEmacs/xemacs/src/nas.c Index: nas.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/nas.c,v retrieving revision 1.18 retrieving revision 1.19 diff -u -p -r1.18 -r1.19 --- nas.c 2004/11/04 23:06:43 1.18 +++ nas.c 2006/06/19 18:19:37 1.19 ＠＠ -728,7 +728,7 ＠＠ SndOpenDataForReading (const CBinbyte *d /* Stuff taken from wave.c from NAS. Just like snd files, NAS can't read wave data from memory, so these functions do that for us. */ -#define Err() { return NULL; } +#define Err() { free(wi); return NULL; } #define readFourcc(_f) dread(_f, sizeof(RIFF_FOURCC), 1) #define cmpID(_x, _y) \ strncmp((CBinbyte *) (_x), (CBinbyte *) (_y), sizeof(RIFF_FOURCC)) 1.32 +12 -10 XEmacs/xemacs/src/scrollbar-x.c Index: scrollbar-x.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/scrollbar-x.c,v retrieving revision 1.31 retrieving revision 1.32 diff -u -p -r1.31 -r1.32 --- scrollbar-x.c 2005/10/25 08:32:49 1.31 +++ scrollbar-x.c 2006/06/19 18:19:38 1.32 ＠＠ -72,19 +72,21 ＠＠ x_inhibit_scrollbar_slider_size_change ( static void x_free_scrollbar_instance (struct scrollbar_instance *instance) { - if (SCROLLBAR_X_NAME (instance)) - xfree (SCROLLBAR_X_NAME (instance), char *); - - if (SCROLLBAR_X_WIDGET (instance)) + if (instance->scrollbar_data) { - if (XtIsManaged (SCROLLBAR_X_WIDGET (instance))) - XtUnmanageChild (SCROLLBAR_X_WIDGET (instance)); + if (SCROLLBAR_X_NAME (instance)) + xfree (SCROLLBAR_X_NAME (instance), char *); - lw_destroy_all_widgets (SCROLLBAR_X_ID (instance)); - } + if (SCROLLBAR_X_WIDGET (instance)) + { + if (XtIsManaged (SCROLLBAR_X_WIDGET (instance))) + XtUnmanageChild (SCROLLBAR_X_WIDGET (instance)); - if (instance->scrollbar_data) - xfree (instance->scrollbar_data, void *); + lw_destroy_all_widgets (SCROLLBAR_X_ID (instance)); + } + + xfree (instance->scrollbar_data, void *); + } } /* A device method. */ 1.27 +4 -3 XEmacs/xemacs/src/text.c Index: text.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/text.c,v retrieving revision 1.26 retrieving revision 1.27 diff -u -p -r1.26 -r1.27 --- text.c 2005/09/27 05:29:44 1.26 +++ text.c 2006/06/19 18:19:38 1.27 ＠＠ -2138,7 +2138,11 ＠＠ eicmp_1 (Eistring *ei, Bytecount off, Ch Bytecount len, Charcount charlen, const Ibyte *data, const Eistring *ei2, int is_ascii, int fold_case) { + assert ((data == 0) != (ei == 0)); + assert ((is_ascii != 0) == (data != 0)); + assert (fold_case >= 0 && fold_case <= 2); assert ((off < 0) != (charoff < 0)); + if (off < 0) { off = charcount_to_bytecount (ei->data_, charoff); ＠＠ -2152,9 +2156,6 ＠＠ eicmp_1 (Eistring *ei, Bytecount off, Ch assert (off >= 0 && off <= ei->bytelen_); assert (len >= 0 && off + len <= ei->bytelen_); - assert ((data == 0) != (ei == 0)); - assert ((is_ascii != 0) == (data != 0)); - assert (fold_case >= 0 && fold_case <= 2); { Bytecount dstlen; 1.3 +1 -1 XEmacs/xemacs/src/vdb-posix.c Index: vdb-posix.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/vdb-posix.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -p -r1.2 -r1.3 --- vdb-posix.c 2006/03/27 15:20:31 1.2 +++ vdb-posix.c 2006/06/19 18:19:38 1.3 ＠＠ -73,7 +73,7 ＠＠ vdb_fault_handler (FAULT_HANDLER_ARGUMEN } else /* default sigsegv handler */ { - char *signal_name; + char *signal_name = ""; if (signum == SIGSEGV) signal_name = "SIGSEGV"; else if (signum == SIGBUS) 1.91 +1 -1 XEmacs/xemacs/src/window.c Index: window.c =================================================================== RCS file: /pack/xemacscvs/XEmacs/xemacs/src/window.c,v retrieving revision 1.90 retrieving revision 1.91 diff -u -p -r1.90 -r1.91 --- window.c 2005/11/25 01:42:08 1.90 +++ window.c 2006/06/19 18:19:38 1.91 ＠＠ -4380,7 +4380,7 ＠＠ change_window_height (Lisp_Object window { int new_pixsize; sizep = &CURSIZE (w); - dim = CURCHARSIZE (w); + dim = window_char_width (w, 0); new_pixsize = inpixels?(*sizep + delta):(dim+delta); set_window_pixsize (window, new_pixsize, 0, 0); return;