From d51915f873da8d40740a908c86f02e972e358be9 Mon Sep 17 00:00:00 2001
From: Andrea Canciani
Date: Wed, 4 Nov 2009 16:15:48 +0100
Subject: xlib: Fix double free

Both _cairo_xlib_call_close_display_hooks and _cairo_xlib_screen_destroy invoke _cairo_xlib_screen_close_display, which frees all the cached GCs, but (if HAS_ATOMIC_OPS is undefined) doesn't mark them as freed, thus freeing them agin upon the second invocation.
---
 src/cairo-xlib-screen.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src/cairo-xlib-screen.c')
diff --git a/src/cairo-xlib-screen.c b/src/cairo-xlib-screen.c
index 8e29475b..09a2a810 100644
--- a/src/cairo-xlib-screen.c
+++ b/src/cairo-xlib-screen.c
@@ -282,6 +282,7 @@ _cairo_xlib_screen_close_display (cairo_xlib_screen_t *info)
 } while (_cairo_atomic_int_cmpxchg (&info->gc_depths, old, 0) != old);
 #else
 old = info->gc_depths;
+ info->gc_depths = 0;
 #endif
 for (i = 0; i < ARRAY_LENGTH (info->gc); i++) {
-- 
cgit v1.2.3
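Review bot: The `#else` branch now reads and clears the mask in two separate statements (`old = info->gc_depths;` then `info->gc_depths = 0;`), so it stops a second sequential call from freeing the cached GCs again but, unlike the cmpxchg loop above it, does not stop two concurrent callers from both seeing the same non-zero `old`. Whether a lock is held around _cairo_xlib_screen_close_display cannot be told from here, because the function starts and ends outside the hunk; if none is, the double free from the commit message may still be reachable in builds without HAS_ATOMIC_OPS. I would at least record the assumption on the new line, e.g. `/* not atomic: callers must be serialized; cleared so a repeat call frees nothing */`.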