Re: [PATCH v2] glx: Fix use after free in DrawableGone

On Thu, 23 Sep 2010 09:04:11 -0400, Kristian Høgsberg k...@bitplanet.net wrote: Signed-off-by: Kristian Høgsberg k...@bitplanet.net --- Chris Wilson points out that we were still accessing c-next after free. Here's an updated version that fixes that. I've merged this patch (and attempted

Re: [PATCH v2] glx: Fix use after free in DrawableGone

2010/9/23 Kristian Høgsberg k...@bitplanet.net: 2010/9/23 Jeremy Huddleston jerem...@apple.com: That seems off to me.  This is doing more than changing the c-next dereference.  You're now freeing it where you weren't before. Previously, you freed it inside: if (c-isCurrent (c-drawPriv ==

Re: [PATCH v2] glx: Fix use after free in DrawableGone

On Sep 27, 2010, at 05:42, Kristian Høgsberg wrote: ... Jeremy, does the above explanation satisfy your concerns? Keith, do you want to pick this up for master? Yes, thanks. On Sep 23, 2010, at 06:04, Kristian Høgsberg wrote: Signed-off-by: Kristian Høgsberg k...@bitplanet.net ---

Re: [PATCH v2] glx: Fix use after free in DrawableGone

On Thu, 23 Sep 2010 09:04:11 -0400, Kristian Høgsberg k...@bitplanet.net wrote: Signed-off-by: Kristian Høgsberg k...@bitplanet.net Now that is starting to look familiar ;-) Reported-by: Julien Cristau jcris...@debian.org Tested-by: Chris Wilson ch...@chris-wilson.co.uk -- Chris Wilson,

Re: [PATCH v2] glx: Fix use after free in DrawableGone

That seems off to me. This is doing more than changing the c-next dereference. You're now freeing it where you weren't before. Previously, you freed it inside: if (c-isCurrent (c-drawPriv == glxPriv || c-readPriv == glxPriv)) if(!c-idExists) Now, you free it inside: if (!c-idExists

Re: [PATCH v2] glx: Fix use after free in DrawableGone

2010/9/23 Jeremy Huddleston jerem...@apple.com: That seems off to me.  This is doing more than changing the c-next dereference.  You're now freeing it where you weren't before. Previously, you freed it inside: if (c-isCurrent (c-drawPriv == glxPriv || c-readPriv == glxPriv))