alias.c

Bug Summary

File:	alias.c
Location:	line 267, column 14
Description:	Access to field 'key_aliases' results in a dereference of a null pointer (loaded from field 'names')

Annotated Source Code

/************************************************************

Permission to use, copy, modify, and distribute this

software and its documentation for any purpose and without

fee is hereby granted, provided that the above copyright

notice appear in all copies and that both that copyright

notice and this permission notice appear in supporting

documentation, and that the name of Silicon Graphics not be

used in advertising or publicity pertaining to distribution

of the software without specific prior written permission.

Silicon Graphics makes no representation about the suitability

of this software for any purpose. It is provided "as is"

without any express or implied warranty.

SILICON GRAPHICS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS

SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY

AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL SILICON

GRAPHICS BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL

DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,

DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE

OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH

THE USE OR PERFORMANCE OF THIS SOFTWARE.

********************************************************/

#include "xkbcomp.h"

#include "misc.h"

#include "alias.h"

#include "keycodes.h"

#include <X11/extensions/XKBgeom.h>

static void

HandleCollision(AliasInfo * old, AliasInfo * new)

{

if (strncmp(new->real, old->real, XkbKeyNameLength4) == 0)

{

if (((new->def.fileID == old->def.fileID) && (warningLevel > 0)) ||

(warningLevel > 9))

{

WARN2uWarning("Alias of %s for %s declared more than once\n",

XkbKeyNameText(new->alias, XkbMessage3),

XkbKeyNameText(new->real, XkbMessage3));

ACTIONuAction("First definition ignored\n");

}

else

{

char *use, *ignore;

if (new->def.merge == MergeAugment1)

{

use = old->real;

ignore = new->real;

}

else

{

use = new->real;

ignore = old->real;

}

if (((old->def.fileID == new->def.fileID) && (warningLevel > 0)) ||

(warningLevel > 9))

{

WARN1uWarning("Multiple definitions for alias %s\n",

XkbKeyNameText(old->alias, XkbMessage3));

ACTION2uAction("Using %s, ignoring %s\n",

XkbKeyNameText(use, XkbMessage3),

XkbKeyNameText(ignore, XkbMessage3));

}

if (use != old->real)

memcpy(old->real, use, XkbKeyNameLength4);

}

old->def.fileID = new->def.fileID;

old->def.merge = new->def.merge;

return;

}

static void

InitAliasInfo(AliasInfo * info,

unsigned merge, unsigned file_id, char *alias, char *real)

{

bzero(info, sizeof(AliasInfo))memset(info,0,sizeof(AliasInfo));

info->def.merge = merge;

info->def.fileID = file_id;

strncpy(info->alias, alias, XkbKeyNameLength4);

strncpy(info->real, real, XkbKeyNameLength4);

return;

}

int

HandleAliasDef(KeyAliasDef * def,

unsigned merge, unsigned file_id, AliasInfo ** info_in)

{

AliasInfo *info;

for (info = *info_in; info != NULL((void*)0); info = (AliasInfo *) info->def.next)

{

if (strncmp(info->alias, def->alias, XkbKeyNameLength4) == 0)

{

100

AliasInfo new;

101

InitAliasInfo(&new, merge, file_id, def->alias, def->real);

102

HandleCollision(info, &new);

103

return True1;

104

}

105

}

106

info = uTypedCalloc(1, AliasInfo)((AliasInfo *)uCalloc((unsigned)1,(unsigned)sizeof(AliasInfo)
));

107

if (info == NULL((void*)0))

108

{

109

WSGOuInternalError("Allocation failure in HandleAliasDef\n");

110

return False0;

111

}

112

info->def.fileID = file_id;

113

info->def.merge = merge;

114

info->def.next = (CommonInfo *) * info_in;

115

memcpy(info->alias, def->alias, XkbKeyNameLength4);

116

memcpy(info->real, def->real, XkbKeyNameLength4);

117

*info_in = (AliasInfo *) AddCommonInfo(&(*info_in)->def, &info->def);

118

return True1;

119

}

120

121

void

122

ClearAliases(AliasInfo ** info_in)

123

{

124

if ((info_in) && (*info_in))

125

ClearCommonInfo(&(*info_in)->def);

126

return;

127

}

128

129

Boolint

130

MergeAliases(AliasInfo ** into, AliasInfo ** merge, unsigned how_merge)

131

{

132

AliasInfo *tmp;

133

KeyAliasDef def;

134

135

if ((*merge) == NULL((void*)0))

136

return True1;

137

if ((*into) == NULL((void*)0))

138

{

139

*into = *merge;

140

*merge = NULL((void*)0);

141

return True1;

142

}

143

bzero((char *) &def, sizeof(KeyAliasDef))memset((char *) &def,0,sizeof(KeyAliasDef));

144

for (tmp = *merge; tmp != NULL((void*)0); tmp = (AliasInfo *) tmp->def.next)

145

{

146

if (how_merge == MergeDefault0)

147

def.merge = tmp->def.merge;

148

else

149

def.merge = how_merge;

150

memcpy(def.alias, tmp->alias, XkbKeyNameLength4);

151

memcpy(def.real, tmp->real, XkbKeyNameLength4);

152

if (!HandleAliasDef(&def, def.merge, tmp->def.fileID, into))

153

return False0;

154

}

155

return True1;

156

}

157

158

int

159

ApplyAliases(XkbDescPtr xkb, Boolint toGeom, AliasInfo ** info_in)

160

{

161

162

XkbKeyAliasPtr old, a;

163

AliasInfo *info;

164

int nNew, nOld;

165

Statusint status;

166

167

if (*info_in == NULL((void*)0))

1	Taking false branch

168

return True1;

169

if (toGeom)

2	Assuming 'toGeom' is 0

3	Taking false branch

170

{

171

nOld = (xkb->geom ? xkb->geom->num_key_aliases : 0);

172

old = (xkb->geom ? xkb->geom->key_aliases : NULL((void*)0));

173

}

174

else

175

{

176

nOld = (xkb->names ? xkb->names->num_key_aliases : 0);

4	'?' condition is false

177

old = (xkb->names ? xkb->names->key_aliases : NULL((void*)0));

5	'?' condition is false

178

}

179

for (nNew = 0, info = *info_in; info != NULL((void*)0);

6	Loop condition is true. Entering loop body

10	Assuming 'info' is equal to null

11	Loop condition is false. Execution continues on line 229

180

info = (AliasInfo *) info->def.next)

181

{

182

unsigned long lname;

183

unsigned int kc;

184

185

lname = KeyNameToLong(info->real)((((unsigned long)info->real[0])<<24)|(((unsigned long
)info->real[1])<<16)|(((unsigned long)info->real[
2])<<8)|info->real[3]);

186

if (!FindNamedKey(xkb, lname, &kc, False0, CreateKeyNames(xkb)((xkb)->flags&(1L << 0)), 0))

7	Taking false branch

187

{

188

if (warningLevel > 4)

189

{

190

WARN2uWarning("Attempt to alias %s to non-existent key %s\n",

191

XkbKeyNameText(info->alias, XkbMessage3),

192

XkbKeyNameText(info->real, XkbMessage3));

193

ACTIONuAction("Ignored\n");

194

}

195

info->alias[0] = '\0';

196

continue;

197

}

198

lname = KeyNameToLong(info->alias)((((unsigned long)info->alias[0])<<24)|(((unsigned long
)info->alias[1])<<16)|(((unsigned long)info->alias
[2])<<8)|info->alias[3]);

199

if (FindNamedKey(xkb, lname, &kc, False0, False0, 0))

8	Taking false branch

200

{

201

if (warningLevel > 4)

202

{

203

WARNuWarning("Attempt to create alias with the name of a real key\n");

204

ACTION2uAction("Alias \"%s = %s\" ignored\n",

205

XkbKeyNameText(info->alias, XkbMessage3),

206

XkbKeyNameText(info->real, XkbMessage3));

207

}

208

info->alias[0] = '\0';

209

continue;

210

}

211

nNew++;

212

if (old)

9	Taking false branch

213

{

214

for (i = 0, a = old; i < nOld; i++, a++)

215

{

216

if (strncmp(a->alias, info->alias, XkbKeyNameLength4) == 0)

217

{

218

AliasInfo oldai;

219

InitAliasInfo(&oldai, MergeAugment1, 0, a->alias, a->real);

220

HandleCollision(&oldai, info);

221

memcpy(oldai.real, a->real, XkbKeyNameLength4);

222

info->alias[0] = '\0';

223

nNew--;

224

break;

225

}

226

}

227

}

228

}

229

if (nNew == 0)

12	Taking false branch

230

{

231

ClearCommonInfo(&(*info_in)->def);

232

*info_in = NULL((void*)0);

233

return True1;

234

}

235

status = Success0;

236

if (toGeom)

13	Taking false branch

237

{

238

if (!xkb->geom)

239

{

240

XkbGeometrySizesRec sizes;

241

bzero((char *) &sizes, sizeof(XkbGeometrySizesRec))memset((char *) &sizes,0,sizeof(XkbGeometrySizesRec));

242

sizes.which = XkbGeomKeyAliasesMask(1<<5);

243

sizes.num_key_aliases = nOld + nNew;

244

status = XkbAllocGeometry(xkb, &sizes);

245

}

246

else

247

{

248

status = XkbAllocGeomKeyAliases(xkb->geom, nOld + nNew);

249

}

250

if (xkb->geom)

251

old = xkb->geom->key_aliases;

252

}

253

else

254

{

255

status = XkbAllocNames(xkb, XkbKeyAliasesMask(1<<10), 0, nOld + nNew);

256

if (xkb->names)

14	Taking false branch

257

old = xkb->names->key_aliases;

258

}

259

if (status != Success0)

15	Assuming 'status' is equal to 0

16	Taking false branch

260

{

261

WSGOuInternalError("Allocation failure in ApplyAliases\n");

262

return False0;

263

}

264

if (toGeom)

17	Taking false branch

265

a = &xkb->geom->key_aliases[nOld];

266

else

267

a = &xkb->names->key_aliases[nOld];

18	Access to field 'key_aliases' results in a dereference of a null pointer (loaded from field 'names')

268

for (info = *info_in; info != NULL((void*)0); info = (AliasInfo *) info->def.next)

269

{

270

if (info->alias[0] != '\0')

271

{

272

strncpy(a->alias, info->alias, XkbKeyNameLength4);

273

strncpy(a->real, info->real, XkbKeyNameLength4);

274

a++;

275

}

276

}

277

#ifdef DEBUG

278

if ((a - old) != (nOld + nNew))

279

{

280

WSGO2uInternalError("Expected %d aliases total but created %d\n", nOld + nNew,

281

(int)(a - old));

282

}

283

#endif

284

if (toGeom)

285

xkb->geom->num_key_aliases += nNew;

286

ClearCommonInfo(&(*info_in)->def);

287

*info_in = NULL((void*)0);

288

return True1;

289

}