Check if new space was actually allocated before freeing.

There will be no new space allocated, if mode != PropModeReplace and len == 0, or if mode is not one of the handled modes. This fixes freeing data that is still in use, leading to double frees and other memory corruption. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
author: Pierre Willenbrock <pierre@pirsoft.de> 2009-07-21 17:21:28 +0200
committer: Peter Hutterer <peter.hutterer@who-t.net> 2009-07-22 12:13:04 +1000
commit: 4dc91b3e54503a1be555bae5b18f3e52f58be307 (patch)
tree: 1f706244a9959137a6f69e9b76ed7b9162b1c570
parent: 9a1bfa5664a80f03cedeb89b9f8a86115a08e7af (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/dix/property.c b/dix/property.c
index 20c18d74a..10b8482b4 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -351,9 +351,14 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
 	access_mode |= DixPostAccess;
 	rc = XaceHookPropertyAccess(pClient, pWin, &pProp, access_mode);
 	if (rc == Success)
-	    xfree(savedProp.data);
-	else {
-	    xfree(pProp->data);
+	{
+	    if (savedProp.data != pProp->data)
+		xfree(savedProp.data);
+	}
+	else
+	{
+	    if (savedProp.data != pProp->data)
+		xfree(pProp->data);
 	    *pProp = savedProp;
 	    return rc;
 	}
author	Pierre Willenbrock <pierre@pirsoft.de>	2009-07-21 17:21:28 +0200
committer	Peter Hutterer <peter.hutterer@who-t.net>	2009-07-22 12:13:04 +1000
commit	4dc91b3e54503a1be555bae5b18f3e52f58be307 (patch)
tree	1f706244a9959137a6f69e9b76ed7b9162b1c570
parent	9a1bfa5664a80f03cedeb89b9f8a86115a08e7af (diff)