Am 10.02.2011 22:27, schrieb Kristian Høgsberg: > From: Justin Dou <[email protected]> > > The calling for allocate_or_reuse_buffer may fail due to some reason, e.g. > out of memory. > If the buffers[] were not initialized to be NULL, the following err_out may > try to access an illegal memory, which will cause X crash afterward. > > Reviewed-by: Kristian Høgsberg <[email protected]> > Signed-off-by: Justin Dou <[email protected]> > --- > hw/xfree86/dri2/dri2.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/hw/xfree86/dri2/dri2.c b/hw/xfree86/dri2/dri2.c > index 34f735f..5d31e77 100644 > --- a/hw/xfree86/dri2/dri2.c > +++ b/hw/xfree86/dri2/dri2.c > @@ -403,7 +403,7 @@ do_get_buffers(DrawablePtr pDraw, int *width, int *height, > && (pDraw->height == pPriv->height) > && (pPriv->serialNumber == DRI2DrawableSerial(pDraw)); > > - buffers = malloc((count + 1) * sizeof(buffers[0])); > + buffers = calloc((count + 1), sizeof(buffers[0])); > > for (i = 0; i < count; i++) { > const unsigned attachment = *(attachments++);
may be i am pessimistic but what happen when you run OOM ? according to the note above i expected something like: if ( buffers == NULL ) exit(1); (or what ever you do in OOM conditions) re, wh _______________________________________________ [email protected]: X.Org support Archives: http://lists.freedesktop.org/archives/xorg Info: http://lists.freedesktop.org/mailman/listinfo/xorg Your subscription address: [email protected]
