[patch] fix another module loader memory leak

Maxim Levitsky maximlevitsky at gmail.com
Tue Feb 19 02:30:48 PST 2008


On Tuesday, 12 February 2008 20:53:11 Arjan van de Ven wrote:
> LoadModule() returns the only reference to a fresh piece of memory (a ModuleDescPtr).
> Sadly, xf86LoadModules() dropped the return value on the floor, leaking memory for
> each module it loaded.
> 
> --- hw/xfree86/common/xf86Init.c~	2008-02-11 12:08:38.000000000 +0100
> +++ hw/xfree86/common/xf86Init.c	2008-02-11 12:08:38.000000000 +0100
> @@ -1820,6 +1820,7 @@ xf86LoadModules(char **list, pointer *op
>      int i;
>      char *name;
>      Bool failed = FALSE;
> +    ModuleDescPtr *desc;
>  
>      if (!list)
>  	return TRUE;
> @@ -1842,11 +1843,15 @@ xf86LoadModules(char **list, pointer *op
>  	else
>  	    opt = NULL;
>  
> -        if (!LoadModule(name, NULL, NULL, NULL, opt, NULL, &errmaj, &errmin)) {
> +	desc = LoadModule(name, NULL, NULL, NULL, opt, NULL, &errmaj, &errmin)
> +        if (!desc) {
>  	    LoaderErrorMsg(NULL, name, errmaj, errmin);
>  	    failed = TRUE;
>  	}
>  	xfree(name);
> +	TestFree(desc->name);
> +	TestFree(desc->filename);
> +	xfree(desc);
>      }
>      return !failed;
>  }
> 
> 

Hi,

This patch makes xserver segfault here:

Backtrace:
0: /usr/local/bin/X(xf86SigHandler+0x79) [0x80cba89]
1: [0xffffe420]
2: /usr/local/bin/X [0x80a8edc]
3: /usr/local/bin/X(DuplicateModule+0x29) [0x80aa8c9]
4: /usr/local/bin/X(xf86AllocateScreen+0xc8) [0x80d80d8]
5: /usr/local/bin/X(xf86ConfigPciEntity+0x177) [0x80d8397]
6: /usr/local/lib/xorg/modules/drivers//intel_drv.so [0xb7992131]
7: /usr/local/bin/X(xf86CallDriverProbe+0x1f3) [0x80a70c3]
8: /usr/local/bin/X(InitOutput+0x760) [0x80a7a40]
9: /usr/local/bin/X(main+0x266) [0x8070c96]
10: /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0) [0xb7b35450]
11: /usr/local/bin/X(FontFileCompleteXLFD+0x1e5) [0x80702f1]


It turns out that mod->name was freed, but still can used by DuplicateModule
I checked with gdb and the crash happens in NewModuleDesc->xstrdup


Regards,
	Maxim Levitsky





More information about the xorg mailing list