From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Wed, 13 Jul 2022 11:23:09 +1000 Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName GetComponentByName returns an allocated string, so let's free that if we fail somewhere. Signed-off-by: Peter Hutterer --- xkb/xkb.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) Index: xwayland-22.1.3/xkb/xkb.c =================================================================== --- xwayland-22.1.3.orig/xkb/xkb.c +++ xwayland-22.1.3/xkb/xkb.c @@ -5941,18 +5941,32 @@ ProcXkbGetKbdByName(ClientPtr client) xkb = dev->key->xkbInfo->desc; status = Success; str = (unsigned char *) &stuff[1]; - if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */ - return BadMatch; + { + char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */ + if (keymap) { + free(keymap); + return BadMatch; + } + } names.keycodes = GetComponentSpec(&str, TRUE, &status); names.types = GetComponentSpec(&str, TRUE, &status); names.compat = GetComponentSpec(&str, TRUE, &status); names.symbols = GetComponentSpec(&str, TRUE, &status); names.geometry = GetComponentSpec(&str, TRUE, &status); - if (status != Success) + if (status == Success) { + len = str - ((unsigned char *) stuff); + if ((XkbPaddedSize(len) / 4) != stuff->length) + status = BadLength; + } + + if (status != Success) { + free(names.keycodes); + free(names.types); + free(names.compat); + free(names.symbols); + free(names.geometry); return status; - len = str - ((unsigned char *) stuff); - if ((XkbPaddedSize(len) / 4) != stuff->length) - return BadLength; + } CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask); CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);