On Thu, 2010-06-10 at 23:08 -0700, Keith Packard wrote:
> On Fri, 11 Jun 2010 14:26:57 +1000, Ben Skeggs <[email protected]> wrote:
>
> > Without resetting the private's pointer to NULL, we can end up freeing
> > the struct twice:
> >
> > ==11188== Invalid free() / delete / delete[]
> > ==11188==    at 0x4C24D72: free (vg_replace_malloc.c:325)
> > ==11188==    by 0x42D8A3: dixFreePrivates (privates.c:217)
> > ==11188==    by 0x420CF6: main (main.c:319)
> > ==11188==  Address 0x8d884a0 is 0 bytes inside a block of size 24 free'd
> > ==11188==    at 0x4C24D72: free (vg_replace_malloc.c:325)
> > ==11188==    by 0x4996A3: CursorCloseScreen (cursor.c:200)
> > ==11188==    by 0x4C051B: AnimCurCloseScreen (animcur.c:125)
> > ==11188==    by 0x420CCB: main (main.c:317)
> > ==11188==
>
> This is not a 1.9 server -- the new devPrivates will not free storage in
> this way, so feel free to merge it to 1.8, but there's no need to add
> this to 1.9. Even in 1.8, I'm surprised that the devPrivates code is
> freeing stuff it didn't allocate. That seems quite wrong.

Yes, this shouldn't actually happen. Your mail made me look into this a
bit deeper, and I've found out how it's happening, but need a bit more
looking into to find out how to fix.

So, no need to commit this patch.
