[PATCH xserver] dix: don't free() stack memory
Michel Dänzer
michel at daenzer.net
Tue Mar 13 11:09:40 UTC 2018
On 2018-03-13 11:56 AM, Eric Engestrom wrote:
> In function ‘doImageText’,
> inlined from ‘ImageText’ at dix/dixfonts.c:1513:5:
> dix/dixfonts.c:1492:9: warning: attempt to free a non-heap object ‘local_closure’ [-Wfree-nonheap-object]
> free(c);
> ^
>
> Signed-off-by: Eric Engestrom <eric.engestrom at imgtec.com>
> ---
> dix/dixfonts.c | 23 ++++++++++++-----------
> 1 file changed, 12 insertions(+), 11 deletions(-)
>
> diff --git a/dix/dixfonts.c b/dix/dixfonts.c
> index cca92ed2791ccf262017..c48034dd41426b47915d 100644
> --- a/dix/dixfonts.c
> +++ b/dix/dixfonts.c
> @@ -1498,19 +1498,20 @@ int
> ImageText(ClientPtr client, DrawablePtr pDraw, GC * pGC, int nChars,
> unsigned char *data, int xorg, int yorg, int reqType, XID did)
> {
> - ITclosureRec local_closure;
> + ITclosureRec *local_closure = malloc(sizeof(*local_closure));
>
> - local_closure.client = client;
> - local_closure.pDraw = pDraw;
> - local_closure.pGC = pGC;
> - local_closure.nChars = nChars;
> - local_closure.data = data;
> - local_closure.xorg = xorg;
> - local_closure.yorg = yorg;
> - local_closure.reqType = reqType;
> - local_closure.did = did;
> + local_closure->client = client;
> + local_closure->pDraw = pDraw;
> + local_closure->pGC = pGC;
> + local_closure->nChars = nChars;
> + local_closure->data = data;
> + local_closure->xorg = xorg;
> + local_closure->yorg = yorg;
> + local_closure->reqType = reqType;
> + local_closure->did = did;
>
> - (void) doImageText(client, &local_closure);
> + (void) doImageText(client, local_closure);
> + free(local_closure);
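
Review bot: the malloc() result in the new declaration at the top of ImageText() is dereferenced without a NULL check, so the first assignment (local_closure->client = client;) faults if the allocation fails. Test the pointer immediately after the malloc() and return an allocation error such as BadAlloc before filling in any field; the stack variable being replaced had no such failure mode, so this is a new error path the caller needs to see.
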
If the free(c) in the compiler warning above is hit, this is a
double-free, isn't it?
--
Earthling Michel Dänzer | http://www.amd.com
Libre software enthusiast | Mesa and X developer