From 563db909bcf965b6103c1807bf9f00ede957077d Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Sun, 27 Jan 2013 13:55:50 -0800
Subject: [PATCH] Avoid memory leak on realloc failure in localRegisterFreeBoxCallback Also avoids leaving invalid pointers in structures if realloc had to move them elsewhere to make them larger. Found by parfait 1.1 code analyzer: Memory leak of pointer 'newCallbacks' allocated with realloc(((char*)offman->FreeBoxesUpdateCallback), (8 * (offman->NumCallbacks + 1))) at line 328 of hw/xfree86/common/xf86fbman.c in function 'localRegisterFreeBoxCallback'. 'newCallbacks' allocated at line 320 with realloc(((char*)offman->FreeBoxesUpdateCallback), (8 * (offman->NumCallbacks + 1))). newCallbacks leaks when newCallbacks != NULL at line 327. Memory leak of pointer 'newPrivates' allocated with realloc(((char*)offman->devPrivates), (8 * (offman->NumCallbacks + 1))) at line 328 of hw/xfree86/common/xf86fbman.c in function 'localRegisterFreeBoxCallback'. 'newPrivates' allocated at line 324 with realloc(((char*)offman->devPrivates), (8 * (offman->NumCallbacks + 1))). newPrivates leaks when newCallbacks == NULL at line 327.
Signed-off-by: Alan Coopersmith
Reviewed-by: Peter Hutterer
---
hw/xfree86/common/xf86fbman.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/hw/xfree86/common/xf86fbman.c b/hw/xfree86/common/xf86fbman.c
index c2e7bab9f..4da6af2b6 100644
--- a/hw/xfree86/common/xf86fbman.c
+++ b/hw/xfree86/common/xf86fbman.c
@@ -320,15 +320,17 @@ localRegisterFreeBoxCallback(ScreenPtr pScreen, newCallbacks = realloc(offman->FreeBoxesUpdateCallback, sizeof(FreeBoxCallbackProcPtr) * (offman->NumCallbacks + 1)); + if (!newCallbacks) + return FALSE; + else + offman->FreeBoxesUpdateCallback = newCallbacks; newPrivates = realloc(offman->devPrivates, sizeof(DevUnion) * (offman->NumCallbacks + 1)); - - if (!newCallbacks || !newPrivates) + if (!newPrivates) return FALSE; - - offman->FreeBoxesUpdateCallback = newCallbacks; - offman->devPrivates = newPrivates; + else + offman->devPrivates = newPrivates; offman->FreeBoxesUpdateCallback[offman->NumCallbacks] = FreeBoxCallback; offman->devPrivates[offman->NumCallbacks].ptr = devPriv;
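Review bot: The early return at `if (!newPrivates)` leaves `offman->FreeBoxesUpdateCallback` already grown to `NumCallbacks + 1` entries while `offman->devPrivates` still holds `NumCallbacks`, and nothing at that return says the mismatch is intended. The state looks safe, because the stored pointer is the valid post-realloc one and the visible lines do not change `NumCallbacks` before returning, but a comment above the check such as `/* FreeBoxesUpdateCallback may now be one slot larger than devPrivates; NumCallbacks is unchanged */` would keep a later reader from assuming the two arrays always have equal capacity. As a style point, the `else` after each `return FALSE;` is redundant, so both assignments can follow their check unconditionally, e.g. `if (!newCallbacks) return FALSE;` then `offman->FreeBoxesUpdateCallback = newCallbacks;`. The function body starts before and continues after this hunk, so where `NumCallbacks` is incremented and how the arrays are walked is not visible here.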