[PATCH 1/5] xfree86: xv: fix double free in xf86XVFreeAdaptor
Jeremy Huddleston
jeremyhu at apple.com
Tue Apr 5 09:45:59 PDT 2011
Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>
On Apr 4, 2011, at 10:54 AM, Tiago Vignatti wrote:
> When xf86XVFreeAdaptor is called more than once in xf86XVInitAdaptors (it may,
> but not often), the conditional being changed in this patch will always take
> true path and will keep freeing pAdaptor->pAttributes, thus letting the system
> error-prone.
>
> This patch fix such problem checking for a pointer instead the number of
> attributes. Such pointer will be deallocated when xf86XVFreeAdaptor is called
> first and will not let the code re-run in the following calls. This is a bit
> similar how the surroundings code is already doing.
>
> Signed-off-by: Tiago Vignatti <tiago.vignatti at nokia.com>
> ---
> hw/xfree86/common/xf86xv.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/hw/xfree86/common/xf86xv.c b/hw/xfree86/common/xf86xv.c
> index 53ebe8f..f87af4c 100644
> --- a/hw/xfree86/common/xf86xv.c
> +++ b/hw/xfree86/common/xf86xv.c
> @@ -343,12 +343,13 @@ xf86XVFreeAdaptor(XvAdaptorPtr pAdaptor)
> free(pAdaptor->pPorts);
> }
>
> - if(pAdaptor->nAttributes) {
> + if(pAdaptor->pAttributes) {
> XvAttributePtr pAttribute = pAdaptor->pAttributes;
>
> for(i = 0; i < pAdaptor->nAttributes; i++, pAttribute++)
> free(pAttribute->name);
> free(pAdaptor->pAttributes);
> + pAdaptor->pAttributes = NULL;
> }
>
> free(pAdaptor->pImages);
> --
> 1.7.0.4
>
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
>
More information about the xorg-devel
mailing list