[PATCH 5/5] xaa: avoid possible freed pointer reuse in epilogue
Jeremy Huddleston
jeremyhu at apple.com
Wed Oct 19 10:41:40 PDT 2011
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
On Oct 19, 2011, at 9:01 AM, Dave Airlie wrote:
> From: Dave Airlie <airlied at redhat.com>
>
> If the pGCPriv->flags == 2, then we try to assign the freed pGCPriv->XAAOps
> avoid this by clearing the flags in to be destroyed pGCPriv.
>
> Reported by coverity.
>
> Signed-off-by: Dave Airlie <airlied at redhat.com>
> ---
> hw/xfree86/xaa/xaaGC.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/hw/xfree86/xaa/xaaGC.c b/hw/xfree86/xaa/xaaGC.c
> index 44d50e6..1bc35d9 100644
> --- a/hw/xfree86/xaa/xaaGC.c
> +++ b/hw/xfree86/xaa/xaaGC.c
> @@ -239,6 +239,7 @@ XAADestroyGC(GCPtr pGC)
> free(pGCPriv->XAAOps);
>
> free(pGCPriv->DashPattern);
> + pGCPriv->flags = 0;
>
> (*pGC->funcs->DestroyGC)(pGC);
> XAA_GC_FUNC_EPILOGUE (pGC);
> --
> 1.7.6.4
>
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
>
More information about the xorg-devel
mailing list