[PATCH xserver 2/3] randr: always realloc crtcs and outputs

Giuseppe Bilotta giuseppe.bilotta at gmail.com
Thu Nov 9 09:21:20 UTC 2017 

When the last crtc (resp. output) is destroyed, the rrScrPriv crtcs
(resp. outputs) fields do not get cleared, which can lead to a situation
where the private's numCrtcs (resp. numOutputs) field is zero, but the
associated memory is still allocated. Just checking if numCrtcs (resp.
numOutputs) is zero is thus not a good criteria to determine whetehr to
use a realloc or a malloc.

Since crtcs (resp. outputs) are NULL-initialized anyway, relying on
numCrtcs (resp. numOutputs) is actually unnecessary, because
reallocation of a NULL ptr is equivalent to a malloc anyway.

Therefore, just use realloc() unconditionally, and ensure that the
fields are properly initialized.

Signed-off-by: Giuseppe Bilotta <giuseppe.bilotta at gmail.com>
---
 randr/rrcrtc.c   | 9 +++------
 randr/rroutput.c | 9 +++------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/randr/rrcrtc.c b/randr/rrcrtc.c
index 2eb9fbdc8..c904fa035 100644
--- a/randr/rrcrtc.c
+++ b/randr/rrcrtc.c
@@ -66,13 +66,10 @@ RRCrtcCreate(ScreenPtr pScreen, void *devPrivate)
     pScrPriv = rrGetScrPriv(pScreen);
 
     /* make space for the crtc pointer */
-    if (pScrPriv->numCrtcs)
-        crtcs = reallocarray(pScrPriv->crtcs,
-                             pScrPriv->numCrtcs + 1, sizeof(RRCrtcPtr));
-    else
-        crtcs = malloc(sizeof(RRCrtcPtr));
+    crtcs = reallocarray(pScrPriv->crtcs,
+            pScrPriv->numCrtcs + 1, sizeof(RRCrtcPtr));
     if (!crtcs)
-        return FALSE;
+        return NULL;
     pScrPriv->crtcs = crtcs;
 
     crtc = calloc(1, sizeof(RRCrtcRec));
diff --git a/randr/rroutput.c b/randr/rroutput.c
index 647f19a52..90fe4e6c1 100644
--- a/randr/rroutput.c
+++ b/randr/rroutput.c
@@ -71,13 +71,10 @@ RROutputCreate(ScreenPtr pScreen,
 
     pScrPriv = rrGetScrPriv(pScreen);
 
-    if (pScrPriv->numOutputs)
-        outputs = reallocarray(pScrPriv->outputs,
-                               pScrPriv->numOutputs + 1, sizeof(RROutputPtr));
-    else
-        outputs = malloc(sizeof(RROutputPtr));
+    outputs = reallocarray(pScrPriv->outputs,
+                           pScrPriv->numOutputs + 1, sizeof(RROutputPtr));
     if (!outputs)
-        return FALSE;
+        return NULL;
 
     pScrPriv->outputs = outputs;
 
-- 
2.14.1.439.g647b9b4702

More information about the xorg-devel mailing list