[PATCH] Replace malloc with calloc to initialize the buffers[] as NULL in do_get_buffers function

walter harms wharms at bfs.de
Mon Feb 14 05:46:40 PST 2011



Am 10.02.2011 22:27, schrieb Kristian Høgsberg:
> From: Justin Dou <Justin.Dou at intel.com>
> 
> The calling for allocate_or_reuse_buffer may fail due to some reason, e.g. out of memory.
> If the buffers[] were not initialized to be NULL, the following err_out may try to access an illegal memory, which will cause X crash afterward.
> 
> Reviewed-by: Kristian Høgsberg <krh at bitplanet.net>
> Signed-off-by: Justin Dou <Justin.Dou at intel.com>
> ---
>  hw/xfree86/dri2/dri2.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/hw/xfree86/dri2/dri2.c b/hw/xfree86/dri2/dri2.c
> index 34f735f..5d31e77 100644
> --- a/hw/xfree86/dri2/dri2.c
> +++ b/hw/xfree86/dri2/dri2.c
> @@ -403,7 +403,7 @@ do_get_buffers(DrawablePtr pDraw, int *width, int *height,
>  	&& (pDraw->height == pPriv->height)
>  	&& (pPriv->serialNumber == DRI2DrawableSerial(pDraw));
>  
> -    buffers = malloc((count + 1) * sizeof(buffers[0]));
> +    buffers = calloc((count + 1), sizeof(buffers[0]));
>  
>      for (i = 0; i < count; i++) {
>  	const unsigned attachment = *(attachments++);

may be i am pessimistic but what happen when you run OOM ?
according to the note above i expected something like:

if ( buffers == NULL ) exit(1);
(or what ever you do in OOM conditions)

re,
 wh



More information about the xorg mailing list