From df16b789aaf5fe7025e5661117477a5f6f9129ee Mon Sep 17 00:00:00 2001
From: Dave Airlie <airlied@redhat.com>
Date: Wed, 19 Oct 2011 16:57:13 +0100
Subject: xaa: avoid possible freed pointer reuse in epilogue

If the pGCPriv->flags == 2, then we try to assign the freed pGCPriv->XAAOps
avoid this by clearing the flags in to be destroyed pGCPriv.

Reported by coverity.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
(cherry picked from commit 1049139499d9132a20cd6d4d156fe9da9cddb6c2)
---
 hw/xfree86/xaa/xaaGC.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/xfree86/xaa/xaaGC.c b/hw/xfree86/xaa/xaaGC.c
index 44d50e6b6..1bc35d9f3 100644
--- a/hw/xfree86/xaa/xaaGC.c
+++ b/hw/xfree86/xaa/xaaGC.c
@@ -239,6 +239,7 @@ XAADestroyGC(GCPtr pGC)
 	free(pGCPriv->XAAOps);
 
     free(pGCPriv->DashPattern);
+    pGCPriv->flags = 0;
 
     (*pGC->funcs->DestroyGC)(pGC);
     XAA_GC_FUNC_EPILOGUE (pGC);
-- 
cgit v1.2.3