[PATCH 1/4] dix: Update element count in FreeResourceByType()

Kristian Høgsberg krh at bitplanet.net
Sat May 1 10:31:57 PDT 2010


All resource functions keep clientTable[cid].elements up to date with the
number of resources allocated to the client.  Except FreeResourceByType().

Typically, the only consequence is that the element count is too high
and we end up allocating the hash table bigger than necessary.  However,
FreeResource() also relies on the element count to restart the search if
the list of resources has been changed during a resource destruction
callback.  Since FreeResourceByType() doesn't update the count, if we call
that from a resource destruction callback from FreeResource(), the
loop isn't restarted and we end up following an invalid next pointer.

Signed-off-by: Kristian Høgsberg <krh at bitplanet.net>
---
 dix/resource.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/dix/resource.c b/dix/resource.c
index 91d0cfb..aec2a5b 100644
--- a/dix/resource.c
+++ b/dix/resource.c
@@ -589,6 +589,7 @@ FreeResourceByType(XID id, RESTYPE type, Bool skipFree)
 			      res->value, TypeNameString(res->type));
 #endif		    		    
 		*prev = res->next;
+		clientTable[cid].elements--;
 
 		CallResourceStateCallback(ResourceStateFreeing, res);
 
-- 
1.7.0.1



More information about the xorg-devel mailing list