From 81414c1c836ae30628606545edbf7392d9b3d009 Mon Sep 17 00:00:00 2001 From: Tiago Vignatti Date: Thu, 31 Mar 2011 23:44:03 +0300 Subject: [PATCH] xfree86: xv: fix double free in xf86XVFreeAdaptor When xf86XVFreeAdaptor is called more than once in xf86XVInitAdaptors (it may, but not often), the conditional being changed in this patch will always take true path and will keep freeing pAdaptor->pAttributes, thus letting the system error-prone. This patch fix such problem checking for a pointer instead the number of attributes. Such pointer will be deallocated when xf86XVFreeAdaptor is called first and will not let the code re-run in the following calls. This is a bit similar how the surroundings code is already doing. Signed-off-by: Tiago Vignatti Reviewed-by: Jeremy Huddleston --- hw/xfree86/common/xf86xv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/xfree86/common/xf86xv.c b/hw/xfree86/common/xf86xv.c index 53ebe8f88..f87af4c73 100644 --- a/hw/xfree86/common/xf86xv.c +++ b/hw/xfree86/common/xf86xv.c @@ -343,12 +343,13 @@ xf86XVFreeAdaptor(XvAdaptorPtr pAdaptor) free(pAdaptor->pPorts); } - if(pAdaptor->nAttributes) { + if(pAdaptor->pAttributes) { XvAttributePtr pAttribute = pAdaptor->pAttributes; for(i = 0; i < pAdaptor->nAttributes; i++, pAttribute++) free(pAttribute->name); free(pAdaptor->pAttributes); + pAdaptor->pAttributes = NULL; } free(pAdaptor->pImages);