RRModeCreate: also free mode in error case.
Adam Jackson
ajax at nwnk.net
Wed Jul 1 07:58:49 PDT 2015
On Sun, 2015-06-14 at 23:20 +0200, Mihai Moldovan wrote:
> This is a follow-up to c7b7abfaa068042e396d19538215402cfbb4f1e4.
The patch is wrong:
> diff --git a/randr/rrmode.c b/randr/rrmode.c
> index a7aa433..ef90a46 100644
> --- a/randr/rrmode.c
> +++ b/randr/rrmode.c
> @@ -90,6 +90,7 @@ RRModeCreate(xRRModeInfo * modeInfo, const char
> *name, ScreenPtr userScreen)
>
> mode->mode.id = FakeClientID(0);
> if (!AddResource(mode->mode.id, RRModeType, (void *) mode)) {
> + free(mode);
On failure, AddResource calls the deleteFunc for the given type and
value. Here, that's RRModeDestroyResource, which already does
free(mode) as the last step. So this patch would introduce a double
-free.
- ajax
More information about the xorg-devel
mailing list