[PATCH] render: fix crash on creation of animated cursors

Magnus Kessler Sat, 02 May 2009 02:08:04 -0700

With commit 57aff88c7d0761e590806d07bee1c9410680c89f the server crashes in 
AnimCursorCreate (animcursor.c:393) when creating an animated cursor. The 
underlying cause is that only cursors[1] is ever initialised in 
ProcRenderCreateAnimCursor (render.c:1860)


Signed-off-by: Magnus Kessler <[email protected]>

diff --git a/render/render.c b/render/render.c
index 8487b60..5622994 100644
--- a/render/render.c
+++ b/render/render.c
@@ -1857,7 +1857,7 @@ ProcRenderCreateAnimCursor (ClientPtr client)
     elt = (xAnimCursorElt *) (stuff + 1);
     for (i = 0; i < ncursor; i++)
     {
-       ret = dixLookupResourceByType((pointer *)(cursors + 1), elt->cursor,
+       ret = dixLookupResourceByType((pointer *)(cursors + i), elt->cursor,
                                      RT_CURSOR, client, DixReadAccess);
        if (ret != Success)
        {

signature.asc
Description: This is a digitally signed message part.

_______________________________________________
xorg-devel mailing list
[email protected]
http://lists.x.org/mailman/listinfo/xorg-devel

[PATCH] render: fix crash on creation of animated cursors

Reply via email to