This seems a good convention to follow: if pointers are allocate outside a given function, then free there as well when a failure occurs.
AllocARGBCursor and its callers were mixing up the freeing of resources and causing a particular double free inside TileScreenSaver (srcbits and mskbits). Signed-off-by: Tiago Vignatti <tiago.vigna...@nokia.com> --- dix/cursor.c | 5 +---- dix/dispatch.c | 12 +++++++++--- render/render.c | 12 +++++++++--- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/dix/cursor.c b/dix/cursor.c index 72a7609..c191c1e 100644 --- a/dix/cursor.c +++ b/dix/cursor.c @@ -241,11 +241,8 @@ AllocARGBCursor(unsigned char *psrcbits, unsigned char *pmaskbits, *ppCurs = NULL; pCurs = (CursorPtr)calloc(CURSOR_REC_SIZE + CURSOR_BITS_SIZE, 1); if (!pCurs) - { - free(psrcbits); - free(pmaskbits); return BadAlloc; - } + bits = (CursorBitsPtr)((char *)pCurs + CURSOR_REC_SIZE); dixInitPrivates(pCurs, pCurs + 1, PRIVATE_CURSOR); dixInitPrivates(bits, bits + 1, PRIVATE_CURSOR_BITS) diff --git a/dix/dispatch.c b/dix/dispatch.c index 601b14a..192c8c3 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -2976,11 +2976,17 @@ ProcCreateCursor (ClientPtr client) &pCursor, client, stuff->cid); if (rc != Success) - return rc; - if (!AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor)) - return BadAlloc; + goto bail; + if (!AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor)) { + rc = BadAlloc; + goto bail; + } return Success; +bail: + free(srcbits); + free(mskbits); + return rc; } int diff --git a/render/render.c b/render/render.c index 8ff8ee6..8e58711 100644 --- a/render/render.c +++ b/render/render.c @@ -1706,11 +1706,17 @@ ProcRenderCreateCursor (ClientPtr client) GetColor(twocolor[1], 0), &pCursor, client, stuff->cid); if (rc != Success) - return rc; - if (!AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor)) - return BadAlloc; + goto bail; + if (!AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor)) { + rc = BadAlloc; + goto bail; + } return Success; +bail: + free(srcbits); + free(mskbits); + return rc; } static int -- 1.7.0.4 _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel