andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Check if new space was actually allocated before freeing.

Browse Source 
There will be no new space allocated, if mode != PropModeReplace and
len == 0, or if mode is not one of the handled modes.
This fixes freeing data that is still in use, leading to double frees and
other memory corruption.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This commit is contained in:
Pierre Willenbrock 2009-07-21 17:21:28 +02:00 committed by Peter Hutterer
parent 9a1bfa5664
commit 4dc91b3e54
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
dix/property.c
View File

@ -351,9 +351,14 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
access_mode |= DixPostAccess;
rc = XaceHookPropertyAccess(pClient, pWin, &pProp, access_mode);
if (rc == Success)
xfree(savedProp.data);
else {
xfree(pProp->data);
{
if (savedProp.data != pProp->data)
xfree(savedProp.data);
}
else
{
if (savedProp.data != pProp->data)
xfree(pProp->data);
*pProp = savedProp;
return rc;
}