From 4dc91b3e54503a1be555bae5b18f3e52f58be307 Mon Sep 17 00:00:00 2001
From: Pierre Willenbrock
Date: Tue, 21 Jul 2009 17:21:28 +0200
Subject: Check if new space was actually allocated before freeing.

There will be no new space allocated, if mode != PropModeReplace and len == 0, or if mode is not one of the handled modes. This fixes freeing data that is still in use, leading to double frees and other memory corruption.

Signed-off-by: Peter Hutterer
---
 dix/property.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/dix/property.c b/dix/property.c
index 20c18d74a..10b8482b4 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -351,9 +351,14 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
 access_mode |= DixPostAccess;
 rc = XaceHookPropertyAccess(pClient, pWin, &pProp, access_mode);
 if (rc == Success)
- xfree(savedProp.data);
- else {
- xfree(pProp->data);
+ {
+ if (savedProp.data != pProp->data)
+ xfree(savedProp.data);
+ }
+ else
+ {
+ if (savedProp.data != pProp->data)
+ xfree(pProp->data);
 *pProp = savedProp;
 return rc;
 }
-- 
cgit v1.2.3
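Review bot: Both new `savedProp.data != pProp->data` guards infer buffer ownership from pointer identity only after `XaceHookPropertyAccess` has been handed `&pProp`, so the free decision depends on the property record still looking the way the mode-handling code left it. Whether a hook can change `pProp` or its `data` is not visible in this hunk, but recording the fact once before the call, e.g. `Bool newData = (savedProp.data != pProp->data);`, and testing `if (newData)` in both branches would keep the two frees in step and make the decision independent of the hook. A short comment such as `/* data is still shared with savedProp when no new buffer was allocated (len == 0 outside PropModeReplace, or an unhandled mode) */` would state the invariant the guards rely on. The body of dixChangeWindowProperty begins and ends outside the hunk, so the allocation paths themselves could not be checked here.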