dix: Fix a double free in dixFreePrivates.

It can be reproduced when the server is regenerated and for some reason the private keys are reassigned in a different order: a manually allocated private may get an index formerly used by a preallocated private. In that case it will first be manually freed and then again by dixFreePrivates, as items[i].size was never zeroed out. Do it in dixResetPrivates. Signed-off-by: Francisco Jerez <currojerez@riseup.net> Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Signed-off-by: Keith Packard <keithp@keithp.com>
author: Francisco Jerez <currojerez@riseup.net> 2009-10-05 02:39:03 +0200
committer: Keith Packard <keithp@keithp.com> 2009-10-07 16:22:46 -0700
commit: 4151a13c80f3afa43f88afcf19a7aeb16dace93a (patch)
tree: d33c22f3f4d9b8e14a07fa0ba5eee190e5872747 /dix/privates.c
parent: 44efcdde501d54ca9c3e33ab5b1f699956fc3f9f (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/dix/privates.c b/dix/privates.c
index 3a2deb85c..e3e727462 100644
--- a/dix/privates.c
+++ b/dix/privates.c
@@ -303,6 +303,7 @@ dixResetPrivates(void)
     /* reset private descriptors */
     for (i = 1; i < nextPriv; i++) {
 	*items[i].key = 0;
+	items[i].size = 0;
 	DeleteCallbackList(&items[i].initfuncs);
 	DeleteCallbackList(&items[i].deletefuncs);
     }
author	Francisco Jerez <currojerez@riseup.net>	2009-10-05 02:39:03 +0200
committer	Keith Packard <keithp@keithp.com>	2009-10-07 16:22:46 -0700
commit	4151a13c80f3afa43f88afcf19a7aeb16dace93a (patch)
tree	d33c22f3f4d9b8e14a07fa0ba5eee190e5872747 /dix/privates.c
parent	44efcdde501d54ca9c3e33ab5b1f699956fc3f9f (diff)