[PATCH] dix: Fix a double free in dixFreePrivates.

Francisco Jerez currojerez at riseup.net
Sun Oct 4 17:39:03 PDT 2009


It can be reproduced when the server is regenerated and for some
reason the private keys are reassigned in a different order: a
manually allocated private may get an index formerly used by a
preallocated private. In that case it will first be manually freed and
then again by dixFreePrivates, as items[i].size was never zeroed
out. Do it in dixResetPrivates.

Signed-off-by: Francisco Jerez <currojerez at riseup.net>
---
 dix/privates.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/dix/privates.c b/dix/privates.c
index 3a2deb8..e3e7274 100644
--- a/dix/privates.c
+++ b/dix/privates.c
@@ -303,6 +303,7 @@ dixResetPrivates(void)
     /* reset private descriptors */
     for (i = 1; i < nextPriv; i++) {
 	*items[i].key = 0;
+	items[i].size = 0;
 	DeleteCallbackList(&items[i].initfuncs);
 	DeleteCallbackList(&items[i].deletefuncs);
     }
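Review bot: the new `items[i].size = 0;` line should carry a comment explaining why it is needed, since the loop already resets the key and the callback lists and a reader would not guess that a stale `size` is what lets dixFreePrivates free an index a second time after regeneration. Something like `/* so dixFreePrivates does not free a reused index twice */` above the added line would preserve the reasoning from the commit message in the code itself. Note also that the fix depends on dixFreePrivates treating a zero `size` as "nothing allocated here"; that check is outside this hunk, so it is worth confirming in the same file that the zero value is actually the sentinel it relies on.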
-- 
1.6.3.3
