Xorg crash when removing an input device
Fabrice Ménard
menard.fabrice at orange.fr
Thu Oct 18 06:36:05 PDT 2007
Hi,
Using input hotplug, I noticed that the server crashes when I remove a device
with the following command
dbus-send --system --type=method_call --print-reply \
--dest=org.x.config.display0 /org/x/config/0 org.x.config.input.remove\
uint32:X
(where X is the device number given by listDevices)
The bug comes from a double freed memory. When a device is removed
DeleteInputDeviceRequest (in xf86Xinput.c) calls RemoveDevice(pDev) then
xf86DeleteInput (in xf86Helper.c) and this latter frees something
(xfree(pInp)) that has been previously freed by RemoveDevice.
This proposed patch is ok for me but I don't know if xf86DeleteInput is called
outside DeleteInputDeviceRequest (therefore without calling RemoveDevice)
Regards,
--
Fabrice Ménard
menard.fabrice at orange.fr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xserver.patch
Type: text/x-diff
Size: 408 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20071018/e6738c28/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20071018/e6738c28/attachment.pgp>
More information about the xorg
mailing list