From 274dca8f2c6707121d45df8015fe7eddb129dec9 Mon Sep 17 00:00:00 2001
From: Tiago Vignatti <tiago.vignatti@nokia.com>
Date: Mon, 4 Apr 2011 22:31:42 +0300
Subject: dix: don't free stranger pointers inside AllocARGBCursor

This seems a good convention to follow: if pointers are allocate outside a
given function, then free there as well when a failure occurs.

AllocARGBCursor and its callers were mixing up the freeing of resources and
causing a particular double free inside TileScreenSaver (srcbits and mskbits).

Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
---
 dix/cursor.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'dix/cursor.c')

diff --git a/dix/cursor.c b/dix/cursor.c
index 72a7609dc..c191c1e88 100644
--- a/dix/cursor.c
+++ b/dix/cursor.c
@@ -241,11 +241,8 @@ AllocARGBCursor(unsigned char *psrcbits, unsigned char *pmaskbits,
     *ppCurs = NULL;
     pCurs = (CursorPtr)calloc(CURSOR_REC_SIZE + CURSOR_BITS_SIZE, 1);
     if (!pCurs)
-    {
-	free(psrcbits);
-	free(pmaskbits);
 	return BadAlloc;
-    }
+
     bits = (CursorBitsPtr)((char *)pCurs + CURSOR_REC_SIZE);
     dixInitPrivates(pCurs, pCurs + 1, PRIVATE_CURSOR);
     dixInitPrivates(bits, bits + 1, PRIVATE_CURSOR_BITS)
-- 
cgit v1.2.3