[PATCH] Check if new space was actually allocated before freeing.
Pierre Willenbrock
pierre at pirsoft.de
Tue Jul 21 08:21:28 PDT 2009
There will be no new space allocated if mode != PropModeReplace and
len == 0, or if mode is not one of the handled modes.
This fixes freeing data that is still in use, leading to double frees and
other memory corruption.
---
dix/property.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/dix/property.c b/dix/property.c
index 20c18d7..a007aa6 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -350,10 +350,15 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
/* Allow security modules to check the new content */
access_mode |= DixPostAccess;
rc = XaceHookPropertyAccess(pClient, pWin, &pProp, access_mode);
- if (rc == Success)
- xfree(savedProp.data);
- else {
- xfree(pProp->data);
+ if (rc == Success)
+ {
+ if (savedProp.data != pProp->data)
+ xfree(savedProp.data);
+ }
+ else
+ {
+ if (savedProp.data != pProp->data)
+ xfree(pProp->data);
*pProp = savedProp;
return rc;
}
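Review bot: The guard `if (savedProp.data != pProp->data)` is repeated in both the success and the failure branch, and it carries the whole invariant (no new buffer was allocated, so both pointers refer to the same live data) without a comment in the code. Only the commit message explains when the pointers are equal (mode != PropModeReplace with len == 0, or an unhandled mode). Consider evaluating the comparison once before `if (rc == Success)` into a named local, and adding a short comment there stating those cases, so a later change to the allocation paths does not silently reintroduce the free of in-use data. In the failure branch it is also worth noting in that comment that `*pProp = savedProp;` still runs when the free is skipped, which is what keeps the property pointing at the original buffer.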
--
1.6.3.3