[PATCH 1/2] Only free pContext once when AddResource fails in ProcRecordCreateContext
Jeremy Huddleston
jeremyhu at apple.com
Tue Apr 19 20:57:53 PDT 2011
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
On Apr 19, 2011, at 19:20, Alan Coopersmith wrote:
> Since RecordDeleteContext frees its argument, don't fall through to free
> it again.
>
> Error: Double free (CWE 415)
> Double free of pointer 'malloc(1072)' defined by malloc
> at line 1964 of record/record.c in function 'ProcRecordCreateContext'.
> Previously freed at line 1960 with RecordDeleteContext.
> 'malloc(1072)' was allocated at line 1926 with malloc.
>
> [ This bug was found by the Parfait 0.3.7 bug checking tool.
> For more information see http://labs.oracle.com/projects/parfait/ ]
>
> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
> ---
> record/record.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/record/record.c b/record/record.c
> index 53be182..69fca72 100644
> --- a/record/record.c
> +++ b/record/record.c
> @@ -1958,7 +1958,7 @@ ProcRecordCreateContext(ClientPtr client)
> else
> {
> RecordDeleteContext((pointer)pContext, pContext->id);
> - err = BadAlloc;
> + return BadAlloc;
> }
> bailout:
> free(pContext);
> --
> 1.7.3.2
>
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
>
More information about the xorg-devel
mailing list