Created attachment 54603 [details]
Patch containing my fix to the bug.
While using valgrind to look for memory leaks in a touchscreen driver I'm working on, I stumbled upon the following:
The crtc->desiredMode element contains a copy of the desired mode, including a copy of the pointer to the mode name. When entering/leaving virtual terminal, the original mode & name get freed, leaving crtc->desiredMode.name pointing to freed memory. This free memory is read accessed later when the desired mode is copied.
This did not cause a crash in my instance, thought it theoretically could.
I have attached patch files with my fix for your reference.
Server was built by me from git code, and is version 126.96.36.199
Created attachment 54609 [details] [review]
Updated patch to fix bug (original patch was missing a null check).
> --- Comment #1 from Tony DeFeo <email@example.com> 2011-12-20 11:38:59 PST ---
> Created attachment 54609 [details] [review]
> --> https://bugs.freedesktop.org/attachment.cgi?id=54609
> Updated patch to fix bug (original patch was missing a null check).
Could you please send the patch to firstname.lastname@example.org per
Use C comments, not C++ comments (ie /* ... */ rather than // ....)
I think this is fixed by
*** This bug has been marked as a duplicate of bug 36108 ***