Created attachment 54603 [details] Patch containing my fix to the bug. While using valgrind to look for memory leaks in a touchscreen driver I'm working on, I stumbled upon the following: The crtc->desiredMode element contains a copy of the desired mode, including a copy of the pointer to the mode name. When entering/leaving virtual terminal, the original mode & name get freed, leaving crtc->desiredMode.name pointing to freed memory. This free memory is read accessed later when the desired mode is copied. This did not cause a crash in my instance, thought it theoretically could. I have attached patch files with my fix for your reference. Server was built by me from git code, and is version 1.11.99.1 Thanks, Tony DeFeo
Created attachment 54609 [details] [review] Updated patch to fix bug (original patch was missing a null check).
> --- Comment #1 from Tony DeFeo <tdefeo@itsgames.com> 2011-12-20 11:38:59 PST --- > Created attachment 54609 [details] [review] > --> https://bugs.freedesktop.org/attachment.cgi?id=54609 > Updated patch to fix bug (original patch was missing a null check). > Could you please send the patch to xorg-devel@lists.x.org per http://www.x.org/wiki/Development/Documentation/SubmittingPatches?
Use C comments, not C++ comments (ie /* ... */ rather than // ....)
Tony: ping
I think this is fixed by http://cgit.freedesktop.org/xorg/xserver/commit/?id=deb08658e2a6b1647a7213a316c6f3019bcdce48 *** This bug has been marked as a duplicate of bug 36108 ***
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.