Several potential bugs of null pointer dereference
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libx11 (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Ubuntu version: 18.04
libx11-xcb-dev version: 1.6.2
Hello, I found some potential bugs in package libx11-xcb-dev, and the Word file in the attachment I uploaded shows the occurrence process of the bugs in a graphical way. Would you help me check whether the bugs mentioned below are true? I'm not 100% sure that the bugs I submitted are correct. I hope you don't mind seeing a wrong bug I submitted. Thank you very much for your patience.
In file libx11-
there is a statement that calls function NewDataBase() and loads its return value to db, and this function may return a null pointer. In line 1703, there is a statement that dereferences db without checking it. The process of this potential bug is shown in figure 1.
In file libx11-
there is a statement that calls function NewDataBase() and loads its return value to db, and this function may return a null pointer. In line 1560, there is a statement that dereferences db without checking it. The process of this potential bug is shown in figure 2.
In file libx11-
there is a statement that calls function Xmalloc to allocate memory and loads its return value to value_list, but Xmalloc may fail to allocate memory, so value_list may be a null pointer. In line 490, there is a statement that dereferences value_list without checking it. The process of this potential bug is shown in figure 3.
In file libx11-
there is a statement that calls function Xmalloc to allocate memory and loads its return value to m, but Xmalloc may fail to allocate memory, so m may be a null pointer. Statements after that dereference value_list without checking it. The process of this potential bug is shown in figure 4.
In file libx11-
there is a statement that calls function Xmalloc to allocate memory and loads its return value to tmpSLLBlock, but Xmalloc may fail to allocate memory, so tmpSLLBlock may be a null pointer. In line 100, there is a statement that dereferences tmpSLLBlock without checking it. The process of this potential bug is shown in figure 5.
In file libx11-
there is a statement that calls function Xmalloc to allocate memory and loads its return value to buf, but Xmalloc may fail to allocate memory, so buf may be a null pointer. In line 344, buf acts as the first parameter of function _XimSetHeader (this function is in file libx11-
In file libx11-
there is a statement that calls function Xmalloc to allocate memory and loads its return value to text->feedback, but Xmalloc may fail to allocate memory, so text->feedback may be a null pointer. In line 535, there is a statement that dereferences text->feedback without checking it. The process of this potential bug is shown in figure 7.
In file libx11-
there is a statement that calls function Xmalloc to allocate memory and loads its return value to string_lowered, but Xmalloc may fail to allocate memory, so string_lowered may be a null pointer. In line 219, there is a statement that dereferences string_lowered without checking it. The process of this potential bug is shown in figure 8.
In file libx11-
there is a statement that calls function Xmalloc to allocate memory and loads its return value to name_lowered, but Xmalloc may fail to allocate memory, so name_lowered may be a null pointer. In line 432, there is a statement that dereferences name_lowered without checking it. The process of this potential bug is shown in figure 9.
In file libx11-
there is a statement that calls function Xmalloc to allocate memory and loads its return value to string_lowered, but Xmalloc may fail to allocate memory, so string_lowered may be a null pointer. In line 82, there is a statement that dereferences string_lowered without checking it. The process of this potential bug is shown in figure 10.
In file libx11-
there is a statement that calls function Xmalloc to allocate memory and loads its return value to dpy->error_vec, but Xmalloc may fail to allocate memory, so dpy->error_vec may be a null pointer. In line 334, there is a statement that dereferences dpy->error_vec without checking it. The process of this potential bug is shown in figure 11.
In file libx11-
there is a statement that calls function Xmalloc to allocate memory and loads its return value to styles, but Xmalloc may fail to allocate memory, so styles may be a null pointer. In line 281, there is a statement that dereferences styles without checking it. The process of this potential bug is shown in figure 12.
In file libx11-
there is a statement that calls function strdup and loads its return value to pub->siname, but strdup may fail to allocate memory, so pub->siname may be a null pointer. In line 566, there is a statement that dereferences pub->siname without checking it. The process of this potential bug is shown in figure 13.
In file libx11-
row loads the return value of function XkbAddGeomOverl
In file libx11-
if true is selected at this point, NULLSTRING will be loaded to s and returned to the caller.
In file libx11-
In file libx11-
null will be returned to the caller.
In the same file, definition of _XimSetEventMas
In the same file, definition of _XimProcICSetEv
The process of this potential bug is shown in figure 16.
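The pattern the report describes, as an added example that is not part of the original report and is not libx11 code: an allocation result written through without a check, beside a checked form that reports the failure to its caller. `test_malloc`, `fail_after`, `lower_copy_unchecked`, `lower_copy_checked` and `survives_alloc_failure` are hypothetical names, and the allocator is a constructed stand-in that can be made to fail on demand.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an allocator such as Xmalloc: fails while fail_after is 0. */
static int fail_after = -1;           /* -1 = never fail */

static void *test_malloc(size_t n)
{
    if (fail_after == 0)
        return NULL;                  /* simulated out-of-memory */
    if (fail_after > 0)
        fail_after--;
    return malloc(n ? n : 1);
}

/* Reported pattern: the allocator's result is written through unchecked. */
char *lower_copy_unchecked(const char *s)
{
    size_t len = strlen(s);
    char *string_lowered = test_malloc(len + 1);
    for (size_t i = 0; i < len; i++)  /* NULL dereference if allocation failed */
        string_lowered[i] = (char)tolower((unsigned char)s[i]);
    string_lowered[len] = '\0';
    return string_lowered;
}

/* Checked form: test the result before first use and propagate the failure. */
char *lower_copy_checked(const char *s)
{
    size_t len = strlen(s);
    char *string_lowered = test_malloc(len + 1);
    if (string_lowered == NULL)
        return NULL;                  /* caller must handle this */
    for (size_t i = 0; i < len; i++)
        string_lowered[i] = (char)tolower((unsigned char)s[i]);
    string_lowered[len] = '\0';
    return string_lowered;
}

/* Returns 1 if the checked variant returns NULL under an injected failure. */
int survives_alloc_failure(void)
{
    fail_after = 0;
    char *p = lower_copy_checked("ISO8859-1");   /* constructed sample input */
    fail_after = -1;
    return p == NULL;
}
```

Injecting the failure this way is also how each reported site can be triaged: a path that only crashes when the allocator returns NULL is reachable solely under memory exhaustion.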
The attachment "libx11_ nullptr_ dereference. docx" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]