[PATCH xts] XI/ChangePointerDevice: Fix double-free
Peter Harris
pharris at opentext.com
Mon Jun 10 09:37:24 PDT 2013
XCloseDevice frees the device parameter, even if it references an
invalid device. Therefore, the device parameter must have been malloc'd.
Signed-off-by: Peter Harris <pharris at opentext.com>
---
xts5/XI/ChangePointerDevice.m | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/xts5/XI/ChangePointerDevice.m b/xts5/XI/ChangePointerDevice.m
index d203f6e..332a9d8 100644
--- a/xts5/XI/ChangePointerDevice.m
+++ b/xts5/XI/ChangePointerDevice.m
@@ -372,7 +372,7 @@ unsigned char bmap[8];
XDeviceResolutionControl dctl;
XEventClass devicemotionnotifyclass;
XEvent ev;
-XDevice bogus;
+XDevice bogus, *copy;
if (!Setup_Extension_DeviceInfo(ValMask) || NumValuators < 2)
@@ -415,8 +415,10 @@ XDevice bogus;
else
FAIL;
+ copy = malloc(sizeof(bogus));
+ memcpy(copy, &bogus, sizeof(bogus));
device = &bogus;
- XCloseDevice(display, device);
+ XCloseDevice(display, copy);
XSync(display,0);
if (geterr() == baddevice)
{
--
1.7.10.4
More information about the xorg-devel
mailing list