[PATCH v2 20/25] [libx11] info_list->watch_data was being reallocated, but the return value of the reallocation was stored only into a local variable. This might cause some funky behavior and crashes.
Erkki Seppälä
erkki.seppala at vincit.fi
Mon Jan 31 04:02:12 PST 2011
From: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira at nokia.com>
Variable "wd_array" goes out of scope Value "wd_array" is overwritten in "wd_array = (XPointer*)realloc((char*)info_list->watch_data, (((dpy->watcher_count + 1) * 4U == 0U) ? 1U : ((dpy->watcher_count + 1) * 4U)))"
Reviewed-by: Erkki Seppälä <erkki.seppala at vincit.fi>
Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira at nokia.com>
Signed-off-by: Erkki Seppälä <erkki.seppala at vincit.fi>
---
src/XlibInt.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/XlibInt.c b/src/XlibInt.c
index 52ccff1..3d13747 100644
--- a/src/XlibInt.c
+++ b/src/XlibInt.c
@@ -662,6 +662,7 @@ XAddConnectionWatch(
UnlockDisplay(dpy);
return 0;
}
+ info_list->watch_data = wd_array;
wd_array[dpy->watcher_count] = NULL; /* for cleanliness */
}
--
1.7.0.4
More information about the xorg-devel
mailing list