xf86-video-intel: src/sna/sna_accel.c
Chris Wilson
ickle at kemper.freedesktop.org
Tue Mar 20 14:39:53 PDT 2012
src/sna/sna_accel.c | 1 +
1 file changed, 1 insertion(+)
New commits:
commit f49a6b1fd7e23252b2a306f8bdb9baed5c1e8d4b
Author: Chris Wilson <chris at chris-wilson.co.uk>
Date: Tue Mar 20 21:36:26 2012 +0000
sna: Decouple the private data after UnrealizeFont
As the font is kept around and reused after UnrealizeFont, we need to
nullify the pointer to our private data in order to prevent the later
use-after-free.
Reported-by: Peter Jordan
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
diff --git a/src/sna/sna_accel.c b/src/sna/sna_accel.c
index c7f041e..33e08be 100644
--- a/src/sna/sna_accel.c
+++ b/src/sna/sna_accel.c
@@ -10183,6 +10183,7 @@ sna_unrealize_font(ScreenPtr screen, FontPtr font)
for (n = 0; n < 256; n++)
free(priv->glyphs16[n]);
free(priv);
+ FontSetPrivate(font, sna_font_key, NULL);
}
return TRUE;
More information about the xorg-commit
mailing list