'ch' gets moved inside the allocated buffer as we're looping through
fonts, so keep a reference to the start of the buffer so we can pass
that to Xfree in the failure case.

Fixes: commit 20a3f99eba5001925b8b313da3accb7900eb1927 "Plug a memory leak"

Signed-off-by: Julien Cristau <jcris...@debian.org>
---
 src/FontNames.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/FontNames.c b/src/FontNames.c
index 3e23b5f4..9ffdfd29 100644
--- a/src/FontNames.c
+++ b/src/FontNames.c
@@ -43,6 +43,7 @@ int *actualCount)     /* RETURN */
     register int length;
     char **flist = NULL;
     char *ch = NULL;
+    char *chstart;
     char *chend;
     int count = 0;
     xListFontsReply rep;
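Review bot: `chstart` is declared without an initializer while the neighbouring `ch` and `flist` start as NULL, so any cleanup path that ran before the later assignment would pass Xfree an indeterminate pointer. Initialising it and stating its purpose keeps the declaration safe and self-explanatory: `char *chstart = NULL; /* base of the reply buffer; ch advances, Xfree needs this */`. The function body starts and ends outside this hunk, so whether such an earlier path exists cannot be confirmed from here.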
@@ -86,6 +87,7 @@ int *actualCount)     /* RETURN */
        /*
         * unpack into null terminated strings.
         */
+       chstart = ch;
        chend = ch + (rlen + 1);
        length = *(unsigned char *)ch;
        *ch = 1; /* make sure it is non-zero for XFreeFontNames */
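Review bot: `chend = ch + (rlen + 1)` looks like a one-past-the-end pointer, and the unpack loop that follows writes through `ch` after comparing it with `chend`. The allocation and those comparisons are outside the hunk, but if the buffer holds `rlen + 1` bytes, any check that lets `ch == chend` through would allow a one-byte read and write past the buffer when the server reply carries inconsistent lengths. It is worth confirming that every dereference is guarded by a strict `ch < chend`, or making `chend` the last valid byte with `chend = ch + rlen;`.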
@@ -98,14 +100,14 @@ int *actualCount)  /* RETURN */
                    *ch = '\0';  /* and replace with null-termination */
                    count++;
                } else {
-                    Xfree(ch);
+                    Xfree(chstart);
                     Xfree(flist);
                     flist = NULL;
                     count = 0;
                     break;
                }
            } else {
-                Xfree(ch);
+                Xfree(chstart);
                 Xfree(flist);
                 flist = NULL;
                 count = 0;
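Review bot: The two failure branches repeat the same cleanup (`Xfree(chstart); Xfree(flist); flist = NULL; count = 0;`), and the invalid free of an interior pointer had to be corrected in both places. Folding them into one exit path, such as a single `goto` label after the loop or a small static helper, would stop the copies from drifting apart again. A short comment there, such as `/* free the buffer base, not the cursor: ch has moved past the start */`, would record why `chstart` exists. The enclosing loop and the second `else` block continue outside this hunk, so how the second branch leaves the loop is not visible here.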
-- 
2.11.0
