[PATCH 3/5] dix: set pointer to NULL after freeing at CloseDevice
Simon Thum
simon.thum at gmx.de
Tue Apr 5 05:14:42 PDT 2011
On 04/04/2011 07:54 PM, Tiago Vignatti wrote:
> It will fix two possible cases of use after free in RemoveDevice.
>
> Signed-off-by: Tiago Vignatti <tiago.vignatti at nokia.com>
> ---
> dix/devices.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/dix/devices.c b/dix/devices.c
> index 534931c..0288e15 100644
> --- a/dix/devices.c
> +++ b/dix/devices.c
> @@ -941,6 +941,7 @@ CloseDevice(DeviceIntPtr dev)
> free(dev->config_info); /* Allocated in xf86ActivateDevice. */
> dev->config_info = NULL;
> dixFreeObjectWithPrivates(dev, PRIVATE_DEVICE);
> + dev = NULL;
> }
>
> /**
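Review bot: the added `dev = NULL;` at the end of CloseDevice has no effect outside the function, because `dev` is passed by value (`CloseDevice(DeviceIntPtr dev)`), so the assignment only clears the local copy just before it goes out of scope. Any pointer the caller still holds to the device freed by `dixFreeObjectWithPrivates(dev, PRIVATE_DEVICE)` stays dangling, so the use after free in RemoveDevice described in the commit message is not addressed by this line. Either clear the pointers at the call sites after CloseDevice returns, or change the function to take the address of the caller's pointer and clear it through that, and have the commit message name the two code paths in RemoveDevice that are being fixed.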
OK, but _how_ does it do what you say it does? I'm just seeing a dead
store to a local.
Cheers,
Simon