[PATCH] dix: Fix a double free in dixFreePrivates.
Peter Hutterer
peter.hutterer at who-t.net
Wed Oct 7 15:18:17 PDT 2009
On Mon, Oct 05, 2009 at 02:39:03AM +0200, Francisco Jerez wrote:
> It can be reproduced when the server is regenerated and for some
> reason the private keys are reassigned in a different order: a
> manually allocated private may get an index formerly used by a
> preallocated private. In that case it will first be manually freed and
> then again by dixFreePrivates, as items[i].size was never zeroed
> out. Do it in dixResetPrivates.
>
> Signed-off-by: Francisco Jerez <currojerez at riseup.net>
> ---
> dix/privates.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/dix/privates.c b/dix/privates.c
> index 3a2deb8..e3e7274 100644
> --- a/dix/privates.c
> +++ b/dix/privates.c
> @@ -303,6 +303,7 @@ dixResetPrivates(void)
> /* reset private descriptors */
> for (i = 1; i < nextPriv; i++) {
> *items[i].key = 0;
> + items[i].size = 0;
> DeleteCallbackList(&items[i].initfuncs);
> DeleteCallbackList(&items[i].deletefuncs);
> }
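Review bot: the added `items[i].size = 0;` carries no hint of why it matters, and nothing in the hunk shows that a nonzero size is what dixFreePrivates uses to decide the server owns the slot's storage; a one-line comment beside it (e.g. "size marks server-owned storage; clear it so a re-used index is not freed twice") would keep a later cleanup from dropping it as redundant. The commit message would also benefit from stating that a manually allocated private is expected to leave size at 0, since the fix only holds under that convention.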
> --
> 1.6.3.3
I forwarded this to eamon,
Acked-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
daniel or ajax, please scoop this up.
Cheers,
Peter
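The stale-size double free described in the quoted commit message, modelled in C as an added example that is not code from the X server tree or from the patch author: items, nextPriv and size follow the patch's names, while freeCount, runScenario and the ownership rule (nonzero size means the server allocated the storage) are assumptions made for illustration.

```c
/* Constructed model of the privates table in dix/privates.c, not the X server's
 * code. Names follow the patch; "nonzero size = server owns the storage" is assumed. */
#include <stdlib.h>
#include <string.h>

typedef struct {
    unsigned int size;  /* nonzero: storage preallocated by the server */
    void *ptr;          /* the private's storage */
} PrivItem;
static PrivItem items[4];
static int nextPriv;
static int freeCount[4];  /* frees per slot; 2 means a double free */
/* Release one slot's storage; NULL it so a repeat is counted but stays safe. */
static void releaseSlot(int i) {
    free(items[i].ptr);
    items[i].ptr = NULL;
    freeCount[i]++;
}

/* dixFreePrivates analogue: frees storage only for server-owned slots. */
static void freePrivates(void) {
    for (int i = 1; i < nextPriv; i++)
        if (items[i].size)
            releaseSlot(i);
}

/* dixResetPrivates analogue; 'fixed' applies the one-line patch. */
static void resetPrivates(int fixed) {
    for (int i = 1; i < nextPriv; i++)
        if (fixed)
            items[i].size = 0;
    nextPriv = 1;
}

/* Two server generations; returns how often slot 1 is freed in the second. */
int runScenario(int fixed) {
    memset(items, 0, sizeof items);
    nextPriv = 1;
    int s = nextPriv++;            /* generation 1: a preallocated private */
    items[s].size = 8;
    items[s].ptr = malloc(8);
    freePrivates();                /* server frees it: correct */
    resetPrivates(fixed);
    memset(freeCount, 0, sizeof freeCount);
    int m = nextPriv++;            /* generation 2: same index, manual private */
    items[m].ptr = malloc(16);     /* owner leaves size alone; stale 8 survives */
    releaseSlot(m);                /* owner frees it manually */
    freePrivates();                /* unfixed: stale size triggers a 2nd free */
    return freeCount[m];
}
```

Without the patch the second generation frees slot 1 twice; with `items[i].size = 0` in the reset loop it is freed once.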