[Lists] [Configure] [<<] [<] [by Thread] [by Date] [>] [>>] [Months] [Search] [eSubscribe] News Feed

nanogui: NULL pointer

Previous by date: 2 Feb 2001 03:07:44 -0000 NULL pointer, Gary James
Next by date: 2 Feb 2001 03:07:44 -0000 uClinux/Microwindows Compilation problems - Urgent... help.., Sridharan Subramanian
Previous in thread: 2 Feb 2001 03:07:44 -0000 NULL pointer, Gary James
Next in thread: 2 Feb 2001 03:07:44 -0000 Re: NULL pointer, Greg Haerr
Subject: Re: NULL pointer
From: Gary James ####@####.####
Date: 2 Feb 2001 03:07:44 -0000
Message-Id: <20010201221927.A848@pc.twcny.rr.com> 
This function in microwin/src/nanox/srvfunc.c 

void
GrSendClientData(GR_WINDOW_ID wid, GR_WINDOW_ID did, GR_SERIALNO serial,
	GR_LENGTH len, GR_LENGTH thislen, void *data)
{
	void *p;

 	if(!(p = malloc(len))) GsError(GR_ERROR_MALLOC_FAILED, wid);
 	memcpy(p, data, thislen);
 
 	GsDeliverClientDataEvent(did, wid, serial, len, thislen, p);
}

Actually on second gander this function seems quite messed up. 

We are allocating buffer of length "len" then copying into it "thislen"
bytes. So even if the allocation is happy, the memcpy() could exceed the
buffer boundary. It looks like the calling function wants a buffer of "len"
sent back to the client not one of length "thislen".

Another observation, why do we do we allocate a buffer at all. The function
GsDeliverClientDataEvent() allocates its own buffer and does another
memcpy() into the new buffer that it creates. It seems that we could save a
copy by passing the original pointer to the second function.

Last observation, it doesn't look like anybody is freeing the buffer
allocated in this function. 

Gary James



On Thu, 01 Feb 2001 21:54:06 Gary James wrote:
> This function in srvfunc.c 
> 
> void
> GrSendClientData(GR_WINDOW_ID wid, GR_WINDOW_ID did, GR_SERIALNO serial,
> 				GR_LENGTH len, GR_LENGTH thislen, void
> *data)
> {
> 	void *p;
> 
> 	if(!(p = malloc(len))) GsError(GR_ERROR_MALLOC_FAILED, wid);
> 	memcpy(p, data, thislen);
> 
> 	GsDeliverClientDataEvent(did, wid, serial, len, thislen, p);
> }
> 
> probably ought to return after the GsError() function call
> 
> void
> GrSendClientData(GR_WINDOW_ID wid, GR_WINDOW_ID did, GR_SERIALNO serial,
> 				GR_LENGTH len, GR_LENGTH thislen, void
> *data)
> {
> 	void *p;
> 
> 	if(!(p = malloc(len))) 
> 	{
> 		GsError(GR_ERROR_MALLOC_FAILED, wid);
> 		return;
> 	}
> 	memcpy(p, data, thislen);
> 
> 	GsDeliverClientDataEvent(did, wid, serial, len, thislen, p);
> }
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: ####@####.####
> For additional commands, e-mail: ####@####.####
> 
>
Previous by date: 2 Feb 2001 03:07:44 -0000 NULL pointer, Gary James
Next by date: 2 Feb 2001 03:07:44 -0000 uClinux/Microwindows Compilation problems - Urgent... help.., Sridharan Subramanian
Previous in thread: 2 Feb 2001 03:07:44 -0000 NULL pointer, Gary James
Next in thread: 2 Feb 2001 03:07:44 -0000 Re: NULL pointer, Greg Haerr
[Lists] [Configure] [<<] [<] [by Thread] [by Date] [>] [>>] [Months] [Search] [eSubscribe] News Feed
Powered by ezmlm-browse 0.20.