Update: [PATCH] xserver: input device valuator memory leak

[Magnus Vigerlöf]

Free the memory allocated for motion history when removing the input device.

--
> suggestion: set dev->valuator->motion = NULL on device init, then you
> can just call xfree(dev->valuator->motion) rather than duplicating
> the hack. A short grep revealed that motion is either set to the
> motion history or nothing anyway.

You're absolutely right Peter.. I added a few sanity checks and fallback
cases in low-memory situations for the motion-history allocation as well
in this version to avoid use/free of memory not allocated.

Thanks for your help
  Magnus
--
diff --git a/dix/devices.c b/dix/devices.c
index c976df0..8d530cc 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -443,8 +443,10 @@ #endif
 	xfree(dev->key);
     }
 
-    if (dev->valuator)
+    if (dev->valuator) {
+        xfree(dev->valuator->motion);
         xfree(dev->valuator);
+    }
 
     if (dev->button) {
 #ifdef XKB
diff --git a/dix/getevents.c b/dix/getevents.c
index 9103a92..26f36ef 100644
--- a/dix/getevents.c
+++ b/dix/getevents.c
@@ -85,15 +85,19 @@ GetMotionHistorySize()
 _X_EXPORT void
 AllocateMotionHistory(DeviceIntPtr pDev)
 {
-    if (pDev->valuator->motion)
-        xfree(pDev->valuator->motion);
+    xfree(pDev->valuator->motion);
+    pDev->valuator->motion = NULL;
 
-    if (pDev->valuator->numMotionEvents < 1)
+    if (pDev->valuator->numMotionEvents < 1) {
+        pDev->valuator->numMotionEvents = 0;
         return;
+    }
 
     pDev->valuator->motion = xalloc(((sizeof(INT32) * pDev->valuator->numAxes) +
                                      sizeof(Time)) *
                                     pDev->valuator->numMotionEvents);
+    if(!pDev->valuator->motion)
+        pDev->valuator->numMotionEvents = 0;
     pDev->valuator->first_motion = 0;
     pDev->valuator->last_motion = 0;
 }