[PATCH xserver] dix: don't free() stack memory
Eric Engestrom
eric.engestrom at imgtec.com
Tue Mar 13 11:58:58 UTC 2018
On Tuesday, 2018-03-13 12:09:40 +0100, Michel Dänzer wrote:
> On 2018-03-13 11:56 AM, Eric Engestrom wrote:
> > In function ‘doImageText’,
> > inlined from ‘ImageText’ at dix/dixfonts.c:1513:5:
> > dix/dixfonts.c:1492:9: warning: attempt to free a non-heap object ‘local_closure’ [-Wfree-nonheap-object]
> > free(c);
> > ^
> >
> > Signed-off-by: Eric Engestrom <eric.engestrom at imgtec.com>
> > ---
> > dix/dixfonts.c | 23 ++++++++++++-----------
> > 1 file changed, 12 insertions(+), 11 deletions(-)
> >
> > diff --git a/dix/dixfonts.c b/dix/dixfonts.c
> > index cca92ed2791ccf262017..c48034dd41426b47915d 100644
> > --- a/dix/dixfonts.c
> > +++ b/dix/dixfonts.c
> > @@ -1498,19 +1498,20 @@ int
> > ImageText(ClientPtr client, DrawablePtr pDraw, GC * pGC, int nChars,
> > unsigned char *data, int xorg, int yorg, int reqType, XID did)
> > {
> > - ITclosureRec local_closure;
> > + ITclosureRec *local_closure = malloc(sizeof(*local_closure));
> >
> > - local_closure.client = client;
> > - local_closure.pDraw = pDraw;
> > - local_closure.pGC = pGC;
> > - local_closure.nChars = nChars;
> > - local_closure.data = data;
> > - local_closure.xorg = xorg;
> > - local_closure.yorg = yorg;
> > - local_closure.reqType = reqType;
> > - local_closure.did = did;
> > + local_closure->client = client;
> > + local_closure->pDraw = pDraw;
> > + local_closure->pGC = pGC;
> > + local_closure->nChars = nChars;
> > + local_closure->data = data;
> > + local_closure->xorg = xorg;
> > + local_closure->yorg = yorg;
> > + local_closure->reqType = reqType;
> > + local_closure->did = did;
> >
> > - (void) doImageText(client, &local_closure);
> > + (void) doImageText(client, local_closure);
> > + free(local_closure);
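Review bot: The `malloc()` result in the new `local_closure` declaration is dereferenced by the assignments that follow without a NULL check, so an allocation failure becomes a NULL pointer write in `ImageText()`. Check the pointer and return an error before filling in the fields. Separately, the unconditional `free(local_closure);` added after the `doImageText()` call sits alongside the `free(c);` at dix/dixfonts.c:1492 quoted in the commit message. If that path runs on this closure, the same pointer is freed twice. Ownership should be settled in one place: either `doImageText()` releases the closure or the caller does, not both.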
>
> If the free(c) in the compiler warning above is hit, this is a
> double-free, isn't it?
Yes, yes it is... :facepalm:
I'll look at the code more closely to figure out when the free is
needed, but I just saw this warning and had a look, this isn't code I'm
familiar with *at all*, so I might just end up giving up if I can't
figure it out easily enough :/
>
>
> --
> Earthling Michel Dänzer | http://www.amd.com
> Libre software enthusiast | Mesa and X developer