From: Ben Skeggs <[email protected]> Without resetting the private's pointer to NULL, we can end up freeing the struct twice:
==11188== Invalid free() / delete / delete[] ==11188== at 0x4C24D72: free (vg_replace_malloc.c:325) ==11188== by 0x42D8A3: dixFreePrivates (privates.c:217) ==11188== by 0x420CF6: main (main.c:319) ==11188== Address 0x8d884a0 is 0 bytes inside a block of size 24 free'd ==11188== at 0x4C24D72: free (vg_replace_malloc.c:325) ==11188== by 0x4996A3: CursorCloseScreen (cursor.c:200) ==11188== by 0x4C051B: AnimCurCloseScreen (animcur.c:125) ==11188== by 0x420CCB: main (main.c:317) ==11188== Signed-off-by: Ben Skeggs <[email protected]> --- xfixes/cursor.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/xfixes/cursor.c b/xfixes/cursor.c index 41ba0fb..5c04231 100644 --- a/xfixes/cursor.c +++ b/xfixes/cursor.c @@ -190,6 +190,7 @@ CursorCloseScreen (int index, ScreenPtr pScreen) deleteCursorHideCountsForScreen(pScreen); ret = (*pScreen->CloseScreen) (index, pScreen); free(cs); + SetCursorScreen(pScreen, NULL); return ret; } -- 1.7.0.1 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
