[PATCHv3 13/14] xfree86: fix bad free configInputDevices
Tiago Vignatti
tiago.vignatti at nokia.com
Thu Mar 31 04:02:22 PDT 2011
On 03/30/2011 04:18 PM, ext Dan Nicholson wrote:
> On Tue, Mar 29, 2011 at 8:08 AM, Tiago Vignatti
> <tiago.vignatti at nokia.com> wrote:
>> introduced in e1165632bdfbd720889ed1adf5f7ab338032c0ee.
>
> Actually, it would have been an earlier commit since Peter just moved
> this code to a convenience function in that commit. Anyway...
you're right... it was made in 93ca526892c0d22afa05cce6496198c652043a19.
>> Signed-off-by: Tiago Vignatti<tiago.vignatti at nokia.com>
>> ---
>> hw/xfree86/common/xf86Config.c | 3 ++-
>> 1 files changed, 2 insertions(+), 1 deletions(-)
>>
>> diff --git a/hw/xfree86/common/xf86Config.c b/hw/xfree86/common/xf86Config.c
>> index 7a23253..114bdc3 100644
>> --- a/hw/xfree86/common/xf86Config.c
>> +++ b/hw/xfree86/common/xf86Config.c
>> @@ -1459,8 +1459,9 @@ configInputDevices(XF86ConfLayoutPtr layout, serverLayoutPtr servlayoutp)
>> while (irp) {
>> indp[count] = xf86AllocateInput();
>> if (!configInput(indp[count], irp->iref_inputdev, X_CONFIG)) {
>> - while(count--)
>> + do {
>> free(indp[count]);
>> + } while(count--);
>> free(indp);
>> return FALSE;
>> }
>
> Since the original code was doing a post-test decrement, wouldn't it
> have wound all the way down to "free(indp[0])"? If it was "while
> (--count)", I'd agree this is needed.
no, I don't think so.
In the original code, indp[0] wouldn't be deallocated when count starts
as 0 and then it's decremented to -1... or if count is 1, got
decremented and indp[1] is not deallocated. My patch should fix this
behavior.
Thanks!
Tiago
More information about the xorg-devel
mailing list