frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check if new space was actually allocated before freeing. 

There will be no new space allocated, if mode != PropModeReplace and
len == 0, or if mode is not one of the handled modes.
This fixes freeing data that is still in use, leading to double frees and
other memory corruption.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This commit is contained in:
Pierre Willenbrock 2009-07-21 17:21:28 +02:00 committed by Peter Hutterer
parent 9a1bfa5664
commit 4dc91b3e54
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
dix/property.c
View File

@ -351,8 +351,13 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
access_mode |= DixPostAccess; access_mode |= DixPostAccess;
rc = XaceHookPropertyAccess(pClient, pWin, &pProp, access_mode); rc = XaceHookPropertyAccess(pClient, pWin, &pProp, access_mode);
if (rc == Success) if (rc == Success)
{
if (savedProp.data != pProp->data)
xfree(savedProp.data); xfree(savedProp.data);
else { }
else
{
if (savedProp.data != pProp->data)
xfree(pProp->data); xfree(pProp->data);
*pProp = savedProp; *pProp = savedProp;
return rc; return rc;