[PATCH] glx: Avoid use-after-free after drawableGone
Adam Jackson
ajax at nwnk.net
Wed Sep 22 08:21:52 PDT 2010
On Wed, 2010-09-22 at 13:32 +0100, Chris Wilson wrote:
> Becareful during list processing to keep valgrind quiet:
>
> ==2989== Invalid read of size 4
> ==2989== at 0x48CE6B5: DrawableGone (glxext.c:168)
> ==2989== by 0x809F401: FreeResource (resource.c:601)
> ==2989== by 0x80845CE: ProcDestroyWindow (dispatch.c:733)
> ==2989== by 0x8087D76: Dispatch (dispatch.c:432)
> ==2989== by 0x8066439: main (main.c:291)
> ==2989== Address 0x55a9c1c is 76 bytes inside a block of size 88 free'd
> ==2989== at 0x4023B6A: free (vg_replace_malloc.c:366)
> ==2989== by 0x48D9DD8: __glXDRIcontextDestroy (glxdri2.c:250)
> ==2989== by 0x48CE1A0: __glXFreeContext (glxext.c:222)
> ==2989== by 0x48CE786: DrawableGone (glxext.c:165)
> ==2989== by 0x809F401: FreeResource (resource.c:601)
> ==2989== by 0x80845CE: ProcDestroyWindow (dispatch.c:733)
> ==2989== by 0x8087D76: Dispatch (dispatch.c:432)
> ==2989== by 0x8066439: main (main.c:291)
>
> Reported-by: Julien Cristau <jcristau at debian.org>
> Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
> Cc: Kristian Høgsberg <krh at bitplanet.net>
Reviewed-by: Adam Jackson <ajax at redhat.com>
- ajax
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.x.org/archives/xorg-devel/attachments/20100922/18d2411a/attachment.pgp>
More information about the xorg-devel
mailing list