[PATCH 1/4] xfree86: fix use-after-free issue in checkInput
Dave Airlie
airlied at gmail.com
Tue Jun 26 02:58:36 PDT 2012
On Tue, Jun 26, 2012 at 1:00 AM, Peter Hutterer
<peter.hutterer at who-t.net> wrote:
> *dev is the condition of the while loop we're in, reset to NULL after
> freeing
>
> Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
Reviewed-by: Dave Airlie <airlied at redhat.com>
> ---
> hw/xfree86/common/xf86Config.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/hw/xfree86/common/xf86Config.c b/hw/xfree86/common/xf86Config.c
> index b22b617..3ec40fe 100644
> --- a/hw/xfree86/common/xf86Config.c
> +++ b/hw/xfree86/common/xf86Config.c
> @@ -2329,6 +2329,7 @@ checkInput(serverLayoutPtr layout, Bool implicit_layout)
>
> current = dev;
> free(*dev);
> + *dev = NULL;
>
> do {
> *current = *(current + 1);
> --
> 1.7.10.2
>
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
More information about the xorg-devel
mailing list