[PATCH] xwm: fix invalid read weston_wm_window_draw_decoration

Tiago Vignatti tiago.vignatti at intel.com
Mon May 21 07:30:34 PDT 2012


We cannot free the pointer inside find_depth, because
cairo_xcb_surface_create_with_xrender_format will need it later.

Signed-off-by: Tiago Vignatti <tiago.vignatti at intel.com>
---
 src/xserver-launcher.c |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/xserver-launcher.c b/src/xserver-launcher.c
index adc73af..5482821 100644
--- a/src/xserver-launcher.c
+++ b/src/xserver-launcher.c
@@ -895,7 +895,7 @@ weston_wm_handle_map_notify(struct weston_wm *wm, xcb_generic_event_t *event)
 }
 
 static xcb_render_pictforminfo_t *
-find_depth (xcb_connection_t *connection, int depth)
+find_depth (xcb_connection_t *connection, int depth, void **formats_out)
 {
 	xcb_render_query_pict_formats_reply_t	*formats;
 	xcb_render_query_pict_formats_cookie_t cookie;
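Review bot: The new `formats_out` parameter has no comment stating who owns the reply buffer, and that ownership rule is what this fix depends on. Judging by the commit title, the returned `xcb_render_pictforminfo_t *` points into the reply, so the caller must keep the reply alive while it uses the result and free it afterwards. I would add above find_depth something like `/* On success *formats_out receives the reply that owns the returned entry; the caller frees it after the last use of the result. */`. Declaring the parameter as `xcb_render_query_pict_formats_reply_t **` rather than `void **` would also keep the type visible at call sites. The body of find_depth continues outside this hunk.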
@@ -917,12 +917,11 @@ find_depth (xcb_connection_t *connection, int depth)
 		if (depth != i.data->depth)
 			continue;
 
-		free(formats);
+		*formats_out = formats;
 		return i.data;
 	}
 
 	free(formats);
-
 	return NULL;
 }
 
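Review bot: The not-found path at the end of find_depth frees `formats` and returns NULL without ever writing `*formats_out`. The caller in weston_wm_window_draw_decoration declares `void *formats;` with no initialiser and calls `free(formats)` unconditionally (third and fourth hunks). If no format of the requested depth is found, that `free` receives an indeterminate pointer, which is undefined behaviour and in practice can corrupt the heap. Writing `*formats_out = NULL;` before `return NULL;` (and before any earlier return in the part of the function not shown here), or declaring `void *formats = NULL;` in the caller, makes the unconditional free safe.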
@@ -938,6 +937,7 @@ weston_wm_window_draw_decoration(void *data)
 	int x, y, width, height;
 	const char *title;
 	uint32_t flags = 0;
+	void *formats;
 
 	weston_wm_window_read_properties(window);
 
@@ -946,13 +946,14 @@ weston_wm_window_draw_decoration(void *data)
 	weston_wm_window_get_frame_size(window, &width, &height);
 	weston_wm_window_get_child_position(window, &x, &y);
 
-	render_format = find_depth(wm->conn, 24);
+	render_format = find_depth(wm->conn, 24, &formats);
 	surface = cairo_xcb_surface_create_with_xrender_format(wm->conn,
 							       wm->screen,
 							       window->frame_id,
 							       render_format,
 							       width,
 							       height);
+	free(formats);
 	cr = cairo_create(surface);
 
 	if (window->decorate) {
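Review bot: `render_format` is passed to `cairo_xcb_surface_create_with_xrender_format` without a check for the NULL that find_depth returns when no depth-24 format exists. A guard before the call, e.g. `if (render_format == NULL) return;`, would avoid handing cairo a null format. What cleanup such an early exit needs cannot be judged from here, because the function starts and ends outside the hunk. The `free(formats)` directly after surface creation also assumes cairo keeps no reference to `render_format`. A short comment such as `/* cairo does not retain render_format; the reply can be released here */` would record that assumption, which is worth confirming against the cairo version in use.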
-- 
1.7.9.5


