| CVE: CVE-2022-3554 |
| Upstream-Status: Backport |
| Signed-off-by: Ross Burton <ross.burton@arm.com> |
| |
| From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001 |
| From: "Thomas E. Dickey" <dickey@invisible-island.net> |
| Date: Tue, 4 Oct 2022 18:26:17 -0400 |
| Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback |
| |
| Analysis: |
| |
| _XimRegisterIMInstantiateCallback() opens an XIM and closes it using |
| the internal function pointers, but the internal close function does |
| not free the pointer to the XIM (this would be done in XCloseIM()). |
| |
| Report/patch: |
| |
| Date: Mon, 03 Oct 2022 18:47:32 +0800 |
| From: Po Lu <luangruo@yahoo.com> |
| To: xorg-devel@lists.x.org |
| Subject: Re: Yet another leak in Xlib |
| |
| For reference, here's how I'm calling XRegisterIMInstantiateCallback: |
| |
| XSetLocaleModifiers (""); |
| XRegisterIMInstantiateCallback (compositor.display, |
| XrmGetDatabase (compositor.display), |
| (char *) compositor.resource_name, |
| (char *) compositor.app_name, |
| IMInstantiateCallback, NULL); |
| |
| and XMODIFIERS is: |
| |
| @im=ibus |
| |
| Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net> |
| --- |
| modules/im/ximcp/imInsClbk.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c |
| index 95b379cb..c10e347f 100644 |
| --- a/modules/im/ximcp/imInsClbk.c |
| +++ b/modules/im/ximcp/imInsClbk.c |
| @@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback( |
| if( xim ) { |
| lock = True; |
| xim->methods->close( (XIM)xim ); |
| + /* XIMs must be freed manually after being opened; close just |
| + does the protocol to deinitialize the IM. */ |
| + XFree( xim ); |
| lock = False; |
| icb->call = True; |
| callback( display, client_data, NULL ); |
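Review bot: the added `XFree( xim );` leaves `xim` dangling while the function carries on (`lock = False;`, `icb->call = True;`, then the callback). None of the visible lines use it again, but the rest of the function is outside this hunk, so confirm nothing later dereferences `xim`, or set `xim = NULL;` straight after the free. The new comment could also name XCloseIM() as the place that normally performs this free, as the commit message does, so the reason `methods->close` alone is insufficient is clear at the call site.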
| -- |
| 2.34.1 |
| |