From b45e22675364915c32560c26404cf30d77ab68aa Mon Sep 17 00:00:00 2001 From: Alan Hourihane Date: Tue, 4 Oct 2011 19:42:46 -0700 Subject: dixfonts: Don't overwrite local c variable until new_closure is safely initialized. Signed-off-by: Alan Hourihane Reviewed-by: Jeremy Huddleston (cherry picked from commit 7a33c5b934382b5554f41ab1502514e91c9bc52e) --- dix/dixfonts.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/dix/dixfonts.c b/dix/dixfonts.c index fbac124da..d2bcb84ea 100644 --- a/dix/dixfonts.c +++ b/dix/dixfonts.c @@ -1302,31 +1302,30 @@ doPolyText(ClientPtr client, PTclosurePtr c) goto bail; } *new_closure = *c; - c = new_closure; - len = c->endReq - c->pElt; - c->data = malloc(len); - if (!c->data) + len = new_closure->endReq - new_closure->pElt; + new_closure->data = malloc(len); + if (!new_closure->data) { - free(c); + free(new_closure); err = BadAlloc; goto bail; } - memmove(c->data, c->pElt, len); - c->pElt = c->data; - c->endReq = c->pElt + len; + memmove(new_closure->data, new_closure->pElt, len); + new_closure->pElt = new_closure->data; + new_closure->endReq = new_closure->pElt + len; /* Step 2 */ - pGC = GetScratchGC(c->pGC->depth, c->pGC->pScreen); + pGC = GetScratchGC(new_closure->pGC->depth, new_closure->pGC->pScreen); if (!pGC) { - free(c->data); - free(c); + free(new_closure->data); + free(new_closure); err = BadAlloc; goto bail; } - if ((err = CopyGC(c->pGC, pGC, GCFunction | + if ((err = CopyGC(new_closure->pGC, pGC, GCFunction | GCPlaneMask | GCForeground | GCBackground | GCFillStyle | GCTile | GCStipple | 
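Review bot: The block that fills in `new_closure` never states why `c` must stay on the caller's closure until it is finished, and that ordering is the whole fix. Each failure branch here frees `new_closure` and jumps to `bail`; `bail` is outside the hunk, but judging by the commit subject it still uses `c`, so retargeting `c` early would leave it pointing at freed memory on those paths. I would add above `*new_closure = *c;` a comment such as `/* c is not retargeted until new_closure is complete: the failure paths free new_closure and bail still needs the original closure */`. doPolyText starts before and ends after this hunk, and the `CopyGC` call that closes it continues into the next one.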
@@ -1337,15 +1336,16 @@ doPolyText(ClientPtr client, PTclosurePtr c) Success) { FreeScratchGC(pGC); - free(c->data); - free(c); + free(new_closure->data); + free(new_closure); err = BadAlloc; goto bail; } + c = new_closure; origGC = c->pGC; c->pGC = pGC; ValidateGC(c->pDraw, c->pGC); - + ClientSleep(client, (ClientSleepProcPtr)doPolyText, c); /* Set up to perform steps 3 and 4 */ -- cgit v1.2.3
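Review bot: In the CopyGC failure branch the status that the condition has just stored in `err` is overwritten by `err = BadAlloc;`, so the client is told BadAlloc whatever CopyGC actually reported. If that is not deliberate, delete the `err = BadAlloc;` line in this branch and let the branch end with `free(new_closure); goto bail;` so the real status propagates. Part of the condition sits in the lines elided between the two hunks, so confirm it compares against `Success` as the visible `Success)` suggests before changing it. doPolyText begins and ends outside the hunk.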