[PATCH] intel uxa: Fix use-after-free
Maarten Lankhorst
maarten.lankhorst at canonical.com
Tue Jun 19 08:53:44 PDT 2012
white is set to src if used, but src can be used in the maskFormat too.
Fixes crash when logging in on a sandybridge laptop.
Signed-off-by: Maarten Lankhorst <maarten.lankhorst at canonical.com>
---
diff --git a/uxa/uxa-glyphs.c b/uxa/uxa-glyphs.c
index e83464e..4b81756 100644
--- a/uxa/uxa-glyphs.c
+++ b/uxa/uxa-glyphs.c
@@ -538,9 +538,6 @@ uxa_check_glyphs(CARD8 op,
list++;
}
- if (white)
- FreePicture(white, 0);
-
if (maskFormat) {
x = extents.x1;
y = extents.y1;
@@ -554,6 +551,9 @@ uxa_check_glyphs(CARD8 op,
FreeScratchPixmapHeader(scratch);
pixman_image_unref(image);
}
+
+ if (white)
+ FreePicture(white, 0);
}
static inline unsigned int
More information about the dri-devel
mailing list