Bug 93151

Summary: _csi_intern_string _csi_perm_alloc invalid free()
Product: cairo
Reporter: Sami Farin <hvtaifwkbgefbaei>
Component: general
Assignee: Chris Wilson <chris>
Status: RESOLVED MOVED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: major
Priority: medium
Version: unspecified
Hardware: Other
OS: All

Description Sami Farin 2015-11-28 23:14:23 UTC
_csi_intern_string:

    if (istring == NULL) {
        istring = _csi_perm_alloc (ctx,
                                   sizeof (csi_intern_string_t) + len + 1);


_csi_perm_alloc is where the fun happens! (cleaned up a bit)
    csi_chunk_t *chunk = _csi_alloc (ctx, sizeof (csi_chunk_t) + chunk_size);
    chunk->ptr = (char *) (chunk + 1);
    ptr = chunk->ptr;
    return ptr;

In _csi_intern_string, if _csi_hash_table_insert fails:
    _csi_free (ctx, istring);

So basically it does malloc(something) and free(something + sizeof(csi_chunk_t)).

Comment 1 Sami Farin 2015-11-29 12:31:48 UTC
I meant to say free(malloc(something) + sizeof(csi_chunk_t))
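
The mismatch described in this report, as an added example that is not part of the bug report or of cairo's code: a miniature chunk allocator whose failure path refuses to hand a chunk-interior pointer to free(). The names chunk_t, arena_t, perm_alloc, perm_owns, release and arena_destroy are hypothetical, and the layout only mirrors the lines quoted above.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical miniature of the chunk layout quoted in the report. */
typedef struct chunk {
    struct chunk *next;
    size_t size;   /* payload bytes */
    char *ptr;     /* payload start == (char *)(chunk + 1) */
} chunk_t;
typedef struct { chunk_t *chunks; } arena_t;

/* Returns an interior pointer: malloc() base + sizeof(chunk_t). */
void *perm_alloc(arena_t *a, size_t size) {
    if (size == 0) size = 1;   /* non-empty payload so perm_owns() finds it */
    if (size > SIZE_MAX - sizeof(chunk_t)) return NULL;
    chunk_t *chunk = malloc(sizeof(chunk_t) + size);
    if (chunk == NULL) return NULL;
    chunk->size = size;
    chunk->ptr = (char *)(chunk + 1);
    chunk->next = a->chunks;
    a->chunks = chunk;
    return chunk->ptr;
}

/* Non-zero if p points into a chunk payload and so must never reach free().
 * The unsigned subtraction wraps for p below the payload, failing the test. */
int perm_owns(const arena_t *a, const void *p) {
    for (const chunk_t *c = a->chunks; c != NULL; c = c->next) {
        if ((uintptr_t)p - (uintptr_t)c->ptr < c->size) return 1;
    }
    return 0;
}

/* Failure-path release: 1 if free() was called, 0 if p is arena-owned. */
int release(arena_t *a, void *p) {
    if (perm_owns(a, p)) return 0;   /* reclaimed later by arena_destroy() */
    free(p);
    return 1;
}

/* Frees each chunk by its real malloc() base; returns how many were freed. */
int arena_destroy(arena_t *a) {
    int n = 0;
    for (chunk_t *c = a->chunks, *next; c != NULL; c = next, n++) {
        next = c->next;
        free(c);
    }
    a->chunks = NULL;
    return n;
}
```

Building the unguarded pattern with AddressSanitizer (`-fsanitize=address`) reports a free() of an address that malloc() never returned, which is a quick way to catch this class of mismatch in tests.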

Comment 2 GitLab Migration User 2018-08-25 13:26:14 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/cairo/cairo/issues/5.
