[patch] fix another module loader memory leak
Maxim Levitsky
maximlevitsky at gmail.com
Tue Feb 19 02:30:48 PST 2008
On Tuesday, 12 February 2008 20:53:11 Arjan van de Ven wrote:
> LoadModule() returns the only reference to a fresh piece of memory (a ModuleDescPtr).
> Sadly, xf86LoadModules() dropped the return value on the floor, leaking memory for
> each module it loaded.
>
> --- hw/xfree86/common/xf86Init.c~ 2008-02-11 12:08:38.000000000 +0100
> +++ hw/xfree86/common/xf86Init.c 2008-02-11 12:08:38.000000000 +0100
> @@ -1820,6 +1820,7 @@ xf86LoadModules(char **list, pointer *op
> int i;
> char *name;
> Bool failed = FALSE;
> + ModuleDescPtr *desc;
>
> if (!list)
> return TRUE;
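Review bot: The added declaration `ModuleDescPtr *desc;` is a pointer to a ModuleDescPtr, but the description above says LoadModule() returns a ModuleDescPtr, and the following hunk accesses it as desc->name and desc->filename. Declare it as `ModuleDescPtr desc;` so the assignment from LoadModule() and the member accesses type-check.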
> @@ -1842,11 +1843,15 @@ xf86LoadModules(char **list, pointer *op
> else
> opt = NULL;
>
> - if (!LoadModule(name, NULL, NULL, NULL, opt, NULL, &errmaj, &errmin)) {
> + desc = LoadModule(name, NULL, NULL, NULL, opt, NULL, &errmaj, &errmin)
> + if (!desc) {
> LoaderErrorMsg(NULL, name, errmaj, errmin);
> failed = TRUE;
> }
> xfree(name);
> + TestFree(desc->name);
> + TestFree(desc->filename);
> + xfree(desc);
> }
> return !failed;
> }
>
>
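Review bot: On the failure path desc is NULL, yet the three frees added after xfree(name) run unconditionally, so TestFree(desc->name) dereferences a NULL pointer whenever LoadModule() fails; put them in an else branch of the `if (!desc)` check. The added `desc = LoadModule(...)` line is also missing its terminating semicolon. Separately, nothing in this hunk shows that the loader keeps no other reference to the descriptor or to its name and filename strings; the reply below reports a crash in DuplicateModule after mod->name was freed, so ownership of the descriptor should be confirmed before it is freed here.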
Hi,
This patch makes xserver segfault here:
Backtrace:
0: /usr/local/bin/X(xf86SigHandler+0x79) [0x80cba89]
1: [0xffffe420]
2: /usr/local/bin/X [0x80a8edc]
3: /usr/local/bin/X(DuplicateModule+0x29) [0x80aa8c9]
4: /usr/local/bin/X(xf86AllocateScreen+0xc8) [0x80d80d8]
5: /usr/local/bin/X(xf86ConfigPciEntity+0x177) [0x80d8397]
6: /usr/local/lib/xorg/modules/drivers//intel_drv.so [0xb7992131]
7: /usr/local/bin/X(xf86CallDriverProbe+0x1f3) [0x80a70c3]
8: /usr/local/bin/X(InitOutput+0x760) [0x80a7a40]
9: /usr/local/bin/X(main+0x266) [0x8070c96]
10: /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0) [0xb7b35450]
11: /usr/local/bin/X(FontFileCompleteXLFD+0x1e5) [0x80702f1]
It turns out that mod->name was freed, but can still be used by DuplicateModule.
I checked with gdb and the crash happens in NewModuleDesc->xstrdup.
Regards,
Maxim Levitsky