diff options
author | Pierre Willenbrock <pierre@pirsoft.de> | 2009-07-21 17:21:28 +0200 |
---|---|---|
committer | Peter Hutterer <peter.hutterer@who-t.net> | 2009-07-22 12:13:04 +1000 |
commit | 4dc91b3e54503a1be555bae5b18f3e52f58be307 (patch) | |
tree | 1f706244a9959137a6f69e9b76ed7b9162b1c570 /dix/property.c | |
parent | 9a1bfa5664a80f03cedeb89b9f8a86115a08e7af (diff) |
Check if new space was actually allocated before freeing.
There will be no new space allocated, if mode != PropModeReplace and
len == 0, or if mode is not one of the handled modes.
This fixes freeing data that is still in use, leading to double frees and
other memory corruption.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Diffstat (limited to 'dix/property.c')
-rw-r--r-- | dix/property.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/dix/property.c b/dix/property.c index 20c18d74a..10b8482b4 100644 --- a/dix/property.c +++ b/dix/property.c @@ -351,9 +351,14 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property, access_mode |= DixPostAccess; rc = XaceHookPropertyAccess(pClient, pWin, &pProp, access_mode); if (rc == Success) - xfree(savedProp.data); - else { - xfree(pProp->data); + { + if (savedProp.data != pProp->data) + xfree(savedProp.data); + } + else + { + if (savedProp.data != pProp->data) + xfree(pProp->data); *pProp = savedProp; return rc; } |