If either the initial calloc or the xi2mask_new fails, grab is NULL, but if a src grab is passed in, it was always being written to by CopyGrab (and if that failed, dereferenced again in teardown).
Signed-off-by: Alan Coopersmith <[email protected]> --- dix/grabs.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/dix/grabs.c b/dix/grabs.c index a03897a..7f4c871 100644 --- a/dix/grabs.c +++ b/dix/grabs.c @@ -199,12 +199,11 @@ AllocGrab(const GrabPtr src) free(grab); grab = NULL; } - } - - if (src && !CopyGrab(grab, src)) { - free(grab->xi2mask); - free(grab); - grab = NULL; + else if (src && !CopyGrab(grab, src)) { + free(grab->xi2mask); + free(grab); + grab = NULL; + } } return grab; -- 1.7.9.2 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
