On Tue, Jul 21, 2009 at 05:52:50PM +0200, Pierre Willenbrock wrote:
> Hi list,
>
> this fixes a problem where data of window properties is freed without
> the reference being replaced, leading to multiple frees and makes bad
> things happen when the memory is reused (crashes).
>
> This happens very seldom, since most of the time there is no data
> attached to the property or it is replaced. It takes quite some time to
> trigger when editing in emacs using the gtk gui. To my knowledge, no
> other program had this problem.
>
> Regards,
> Pierre
> From beff1cbe069a2d0ae17293bc1c9881dca641c24f Mon Sep 17 00:00:00 2001 > From: Pierre Willenbrock <[email protected]> > Date: Tue, 21 Jul 2009 17:21:28 +0200 > Subject: [PATCH] Check if new space was actually allocated before freeing. > > There will be no new space allocated, if mode != PropModeReplace and > len == 0, or if mode is not one of the handled modes. > This fixes freeing data that is still in use, leading to double frees and > other memory corruption. > --- > dix/property.c | 13 +++++++++---- > 1 files changed, 9 insertions(+), 4 deletions(-) > > diff --git a/dix/property.c b/dix/property.c > index 20c18d7..a007aa6 100644 > --- a/dix/property.c > +++ b/dix/property.c > @@ -350,10 +350,15 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr > pWin, Atom property, > /* Allow security modules to check the new content */ > access_mode |= DixPostAccess; > rc = XaceHookPropertyAccess(pClient, pWin, &pProp, access_mode); > - if (rc == Success) > - xfree(savedProp.data); > - else { > - xfree(pProp->data); > + if (rc == Success) > + { > + if (savedProp.data != pProp->data) > + xfree(savedProp.data); > + } > + else > + { > + if (savedProp.data != pProp->data) > + xfree(pProp->data); > *pProp = savedProp; > return rc; > } > -- > 1.6.3.3

Thanks, merged. Will be pushed in a tick.

Cheers,
  Peter
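
Review bot: the two added `savedProp.data != pProp->data` checks in the `@@ -350,10 +350,15 @@` hunk carry the whole fix, yet nothing in the code says why the two pointers can be equal. That reason exists only in the commit message (no new space is allocated when mode != PropModeReplace and len == 0, or when the mode is not one of the handled ones), so a later cleanup could take the comparisons for redundant and drop them, bringing the double free back. A one-line comment above `if (rc == Success)` stating that `pProp->data` may still alias `savedProp.data` would prevent that. The comparison is also written out twice; evaluating it once into a local before the branch would keep the success and failure paths in step if the condition ever changes.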
