atom.c

Bug Summary

File:	util/atom.c
Location:	line 212, column 5
Description:	Array access (from variable 'hashTable') results in a null pointer dereference

Annotated Source Code

Permission to use, copy, modify, distribute, and sell this software and its

documentation for any purpose is hereby granted without fee, provided that

the above copyright notice appear in all copies and that both that

documentation.

The above copyright notice and this permission notice shall be included in

all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN

AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN

CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Except as contained in this notice, the name of The Open Group shall not be

used in advertising or otherwise to promote the sale, use or other dealings

in this Software without prior written authorization from The Open Group.

* Author: Keith Packard, MIT X Consortium

/* lame atom replacement routines for font applications */

#ifdef HAVE_CONFIG_H1

#include <config.h>

#endif

#include <X11/fonts/fontmisc.h>

#include "stubs.h"

typedef struct _AtomList {

char *name;

int len;

int hash;

Atom atom;

} AtomListRec, *AtomListPtr;

static AtomListPtr *hashTable;

static int hashSize, hashUsed;

static int hashMask;

static int rehash;

static AtomListPtr *reverseMap;

static int reverseMapSize;

static Atom lastAtom;

static int

Hash(const char *string, int len)

{

int h;

h = 0;

while (len--)

h = (h << 3) ^ *string++;

if (h < 0)

return -h;

return h;

}

static int

ResizeHashTable (void)

{

int newHashSize;

int newHashMask;

AtomListPtr *newHashTable;

int i;

int h;

int newRehash;

int r;

if (hashSize == 0)

newHashSize = 1024;

else

newHashSize = hashSize * 2;

newHashTable = calloc (newHashSize, sizeof (AtomListPtr));

if (!newHashTable) {

fprintf(stderrstderr, "ResizeHashTable(): Error: Couldn't allocate"

" newHashTable (%ld)\n",

newHashSize * (unsigned long)sizeof (AtomListPtr));

return FALSE0;

}

newHashMask = newHashSize - 1;

newRehash = (newHashMask - 2);

for (i = 0; i < hashSize; i++)

{

if (hashTable[i])

{

h = (hashTable[i]->hash) & newHashMask;

if (newHashTable[h])

{

100

r = hashTable[i]->hash % newRehash | 1;

101

do {

102

h += r;

103

if (h >= newHashSize)

104

h -= newHashSize;

105

} while (newHashTable[h]);

106

}

107

newHashTable[h] = hashTable[i];

108

}

109

}

110

free (hashTable);

111

hashTable = newHashTable;

112

hashSize = newHashSize;

113

hashMask = newHashMask;

114

rehash = newRehash;

115

return TRUE1;

116

}

117

118

static int

119

ResizeReverseMap (void)

120

{

121

int ret = TRUE1;

122

if (reverseMapSize == 0)

123

reverseMapSize = 1000;

124

else

125

reverseMapSize *= 2;

126

reverseMap = realloc (reverseMap, reverseMapSize * sizeof (AtomListPtr));

127

if (!reverseMap) {

128

fprintf(stderrstderr, "ResizeReverseMap(): Error: Couldn't reallocate"

129

" reverseMap (%ld)\n",

130

reverseMapSize * (unsigned long)sizeof(AtomListPtr));

131

ret = FALSE0;

132

}

133

return ret;

134

}

135

136

static int

137

NameEqual (const char *a, const char *b, int l)

138

{

139

while (l--)

140

if (*a++ != *b++)

141

return FALSE0;

142

return TRUE1;

143

}

144

145

#ifdef __SUNPRO_C

146

#pragma weak__attribute__((weak)) MakeAtom

147

#endif

148

149

weak__attribute__((weak)) Atom

150

MakeAtom(const char *string, unsigned len, int makeit)

151

{

152

AtomListPtr a;

153

int hash;

154

int h = 0;

155

int r;

156

157

hash = Hash (string, len);

158

if (hashTable)

1	Assuming 'hashTable' is null

2	Taking false branch

159

{

160

h = hash & hashMask;

161

if (hashTable[h])

162

{

163

if (hashTable[h]->hash == hash && hashTable[h]->len == len &&

164

NameEqual (hashTable[h]->name, string, len))

165

{

166

return hashTable[h]->atom;

167

}

168

r = (hash % rehash) | 1;

169

for (;;)

170

{

171

h += r;

172

if (h >= hashSize)

173

h -= hashSize;

174

if (!hashTable[h])

175

break;

176

if (hashTable[h]->hash == hash && hashTable[h]->len == len &&

177

NameEqual (hashTable[h]->name, string, len))

178

{

179

return hashTable[h]->atom;

180

}

181

}

182

}

183

}

184

if (!makeit)

3	Assuming 'makeit' is not equal to 0

4	Taking false branch

185

return None0l;

186

a = malloc (sizeof (AtomListRec) + len + 1);

187

if (a == NULL((void*)0)) {

5	Assuming 'a' is not equal to null

6	Taking false branch

188

fprintf(stderrstderr, "MakeAtom(): Error: Couldn't allocate AtomListRec"

189

" (%ld)\n", (unsigned long)sizeof (AtomListRec) + len + 1);

190

return None0l;

191

}

192

a->name = (char *) (a + 1);

193

a->len = len;

194

strncpy (a->name, string, len);

195

a->name[len] = '\0';

196

a->atom = ++lastAtom;

197

a->hash = hash;

198

if (hashUsed >= hashSize / 2)

7	Taking false branch

199

{

200

ResizeHashTable ();

201

h = hash & hashMask;

202

if (hashTable[h])

203

{

204

r = (hash % rehash) | 1;

205

do {

206

h += r;

207

if (h >= hashSize)

208

h -= hashSize;

209

} while (hashTable[h]);

210

}

211

}

212

hashTable[h] = a;

8	Array access (from variable 'hashTable') results in a null pointer dereference

213

hashUsed++;

214

if (reverseMapSize <= a->atom) {

215

if (!ResizeReverseMap())

216

return None0l;

217

}

218

reverseMap[a->atom] = a;

219

return a->atom;

220

}

221

222

#ifdef __SUNPRO_C

223

#pragma weak__attribute__((weak)) ValidAtom

224

#endif

225

226

weak__attribute__((weak)) int

227

ValidAtom(Atom atom)

228

{

229

return (atom != None0l) && (atom <= lastAtom);

230

}

231

232

#ifdef __SUNPRO_C

233

#pragma weak__attribute__((weak)) NameForAtom

234

#endif

235

236

weak__attribute__((weak)) char *

237

NameForAtom(Atom atom)

238

{

239

if (atom != None0l && atom <= lastAtom)

240

return reverseMap[atom]->name;

241

return NULL((void*)0);

242

}