[PATCH] render: Fix double-free on ARGB cursor error path
Keith Packard
keithp at keithp.com
Wed Aug 20 10:07:37 PDT 2014
Keith Packard <keithp at keithp.com> writes:
> Adam Jackson <ajax at redhat.com> writes:
>
>> The gotos deleted by this patch are the only way to get to the bail:
>> label here. In neither case do we need to free the cursor bits from the
>> caller; AllocARGBCursor will already do that on the failure path,
>> likewise AddResource will call the resource delete function on error.
>
> I don't see AllocARGBCursor freeing anything in the failure paths, so I
> think we need to free source/mask. We also need to free argbits
Sorry, I only looked at the very first error return:
pCurs = (CursorPtr) calloc(CURSOR_REC_SIZE + CURSOR_BITS_SIZE, 1);
if (!pCurs)
return BadAlloc;
I'd suggest that AllocARGBCursor shouldn't be freeing anything in its
failure paths that it didn't allocate itself. Gah. APIs are hard.
--
keith.packard at intel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 810 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-devel/attachments/20140820/23f46425/attachment-0001.sig>
More information about the xorg-devel
mailing list