[PATCH weston 04/11] compositor-fbdev: Avoid dereferencing a pointer in freed memory

Bill Spitzak spitzak at gmail.com
Sat Jul 27 11:20:53 PDT 2013


On 07/27/2013 02:08 AM, Rob Bradford wrote:
> On 27 July 2013 00:21, Bill Spitzak <spitzak at gmail.com> wrote:
>>> +               device = output->device;
>>>                  fbdev_output_destroy(base);
>>
>>
>> Are you sure this does not free the memory that is now at *device?
>
> Maybe I missed something - can you point me at the code which makes
> you think it does? My reading of the code indicates the string is a
> const char * passed into fbdev_ouput_create and saved into that device
> struct. It is not strdup()ed into there.
>
> This patch is to avoid a dereference into a block of memory freed in
> fbdev_output_destroy()
>
> Rob
>
It sounds like you did the analysis. I was just thinking that it may be 
something freed by the destroy function, but it is not.



More information about the wayland-devel mailing list