[PATCH 1/5] xfree86: xv: fix double free in xf86XVFreeAdaptor

Tiago Vignatti tiago.vignatti at nokia.com
Mon Apr 4 10:54:31 PDT 2011


When xf86XVFreeAdaptor is called more than once in xf86XVInitAdaptors (it may,
but not often), the conditional being changed in this patch will always take
the true path and will keep freeing pAdaptor->pAttributes, thus leaving the
system error-prone.

This patch fixes such a problem by checking for a pointer instead of the number
of attributes. Such pointer will be deallocated when xf86XVFreeAdaptor is called
first and will not let the code re-run in the following calls. This is a bit
similar to how the surrounding code is already doing.

Signed-off-by: Tiago Vignatti <tiago.vignatti at nokia.com>
---
 hw/xfree86/common/xf86xv.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/hw/xfree86/common/xf86xv.c b/hw/xfree86/common/xf86xv.c
index 53ebe8f..f87af4c 100644
--- a/hw/xfree86/common/xf86xv.c
+++ b/hw/xfree86/common/xf86xv.c
@@ -343,12 +343,13 @@ xf86XVFreeAdaptor(XvAdaptorPtr pAdaptor)
       free(pAdaptor->pPorts);
    }
 
-   if(pAdaptor->nAttributes) {
+   if(pAdaptor->pAttributes) {
       XvAttributePtr pAttribute = pAdaptor->pAttributes;
 
       for(i = 0; i < pAdaptor->nAttributes; i++, pAttribute++)
 	  free(pAttribute->name);
       free(pAdaptor->pAttributes);
+      pAdaptor->pAttributes = NULL;
    }
 
    free(pAdaptor->pImages);
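
Review bot: After the first call the struct is left with `pAttributes == NULL` while `nAttributes` is still nonzero, so any code that later walks the attributes by count would dereference NULL; consider adding `pAdaptor->nAttributes = 0;` next to the new `pAdaptor->pAttributes = NULL;`. The repeated-call case described in the commit message also reaches the trailing context line `free(pAdaptor->pImages);`, which is unconditional, so unless `pImages` is reset to NULL just past the visible context, a second call frees it twice. The same question applies to `free(pAdaptor->pPorts);` at the top of the hunk, where no reset is visible before the closing brace.
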
-- 
1.7.0.4


