| Summary: | read_EncodingInfo invalid free | ||
|---|---|---|---|
| Product: | xorg | Reporter: | Sami Farin <hvtaifwkbgefbaei> |
| Component: | Lib/Xlib | Assignee: | Xorg Project Team <xorg-team> |
| Status: | RESOLVED FIXED | QA Contact: | Xorg Project Team <xorg-team> |
| Severity: | major | ||
| Priority: | medium | ||
| Version: | unspecified | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
Proposed fix posted for review: http://patchwork.freedesktop.org/patch/67088/ Fix pushed to git master: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=07a97b3944467dce085a1efd24706cc851d2caf2 |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
snipped some lines FontData font_data = Xcalloc(count, sizeof(FontDataRec)); for ( ; count-- > 0; font_data++) { font_data->name = Xmalloc(len + 1); if (font_data->name == NULL) { Xfree(font_data); return NULL; } if count>0 and Xmalloc(len + 1) fails after first for loop, free() is called on invalid pointer (malloc()ed ptr font_data offset by 280 bytes on my system). did you mean to Xfree(ret) ? you also leak the other successful font_data->name malloc()s doing this.