[PATCH] xv: fix double free in AddResource failure case
Julien Cristau
jcristau at debian.org
Tue Mar 1 20:39:01 UTC 2016
XvdiDestroyVideoNotifyList already frees the list if AddResource fails,
so don't do it twice. And set tpn->client to NULL explicitly to avoid
confusing uninitialized memory with a valid value.
Signed-off-by: Julien Cristau <jcristau at debian.org>
---
Xext/xvmain.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/Xext/xvmain.c b/Xext/xvmain.c
index 0c6f25b..de6cc7a 100644
--- a/Xext/xvmain.c
+++ b/Xext/xvmain.c
@@ -800,10 +800,9 @@ XvdiSelectVideoNotify(ClientPtr client, DrawablePtr pDraw, BOOL onoff)
if (!(tpn = malloc(sizeof(XvVideoNotifyRec))))
return BadAlloc;
tpn->next = NULL;
- if (!AddResource(pDraw->id, XvRTVideoNotifyList, tpn)) {
- free(tpn);
+ tpn->client = NULL;
+ if (!AddResource(pDraw->id, XvRTVideoNotifyList, tpn))
return BadAlloc;
- }
}
else {
/* LOOK TO SEE IF ENTRY ALREADY EXISTS */
--
2.7.0
More information about the xorg-devel
mailing list