diff options
| author | Tiago Vignatti <tiago.vignatti@nokia.com> | 2011-04-04 22:31:42 +0300 |
|---|---|---|
| committer | Tiago Vignatti <tiago.vignatti@nokia.com> | 2011-04-07 19:57:57 +0300 |
| commit | 274dca8f2c6707121d45df8015fe7eddb129dec9 (patch) | |
| tree | a8d7b86449caeaa8c213ffb394535c4221bec050 | |
| parent | f603061e9482ad5caf1975ba5395b3294852d072 (diff) | |
dix: don't free stranger pointers inside AllocARGBCursor
This seems a good convention to follow: if pointers are allocate outside a
given function, then free there as well when a failure occurs.
AllocARGBCursor and its callers were mixing up the freeing of resources and
causing a particular double free inside TileScreenSaver (srcbits and mskbits).
Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>
Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
| -rw-r--r-- | dix/cursor.c | 5 | ||||
| -rw-r--r-- | dix/dispatch.c | 12 | ||||
| -rw-r--r-- | render/render.c | 12 |
3 files changed, 19 insertions, 10 deletions
diff --git a/dix/cursor.c b/dix/cursor.c index 72a7609dc..c191c1e88 100644 --- a/dix/cursor.c +++ b/dix/cursor.c @@ -241,11 +241,8 @@ AllocARGBCursor(unsigned char *psrcbits, unsigned char *pmaskbits, *ppCurs = NULL; pCurs = (CursorPtr)calloc(CURSOR_REC_SIZE + CURSOR_BITS_SIZE, 1); if (!pCurs) - { - free(psrcbits); - free(pmaskbits); return BadAlloc; - } + bits = (CursorBitsPtr)((char *)pCurs + CURSOR_REC_SIZE); dixInitPrivates(pCurs, pCurs + 1, PRIVATE_CURSOR); dixInitPrivates(bits, bits + 1, PRIVATE_CURSOR_BITS) diff --git a/dix/dispatch.c b/dix/dispatch.c index 601b14a71..192c8c34e 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -2976,11 +2976,17 @@ ProcCreateCursor (ClientPtr client) &pCursor, client, stuff->cid); if (rc != Success) - return rc; - if (!AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor)) - return BadAlloc; + goto bail; + if (!AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor)) { + rc = BadAlloc; + goto bail; + } return Success; +bail: + free(srcbits); + free(mskbits); + return rc; } int diff --git a/render/render.c b/render/render.c index c5da6d78f..ebb1d630a 100644 --- a/render/render.c +++ b/render/render.c @@ -1705,11 +1705,17 @@ ProcRenderCreateCursor (ClientPtr client) GetColor(twocolor[1], 0), &pCursor, client, stuff->cid); if (rc != Success) - return rc; - if (!AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor)) - return BadAlloc; + goto bail; + if (!AddResource(stuff->cid, RT_CURSOR, (pointer)pCursor)) { + rc = BadAlloc; + goto bail; + } return Success; +bail: + free(srcbits); + free(mskbits); + return rc; } static int |