Bug 93151 - _csi_intern_string _csi_perm_alloc invalid free()
Summary: _csi_intern_string _csi_perm_alloc invalid free()
Status: RESOLVED MOVED
Alias: None
Product: cairo
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: Other All
: medium major
Assignee: Chris Wilson
QA Contact: cairo-bugs mailing list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-28 23:14 UTC by Sami Farin
Modified: 2018-08-25 13:26 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Sami Farin 2015-11-28 23:14:23 UTC 
_csi_intern_string:

    if (istring == NULL) {
        istring = _csi_perm_alloc (ctx,
                                   sizeof (csi_intern_string_t) + len + 1);


_csi_perm_alloc is where the fun happens! (cleaned up a bit)
    csi_chunk_t *chunk = _csi_alloc (ctx, sizeof (csi_chunk_t) + chunk_size);
    chunk->ptr = (char *) (chunk + 1);
    ptr = chunk->ptr;
    return ptr;

in _csi_intern_string , if _csi_hash_table_insert fails:
    _csi_free (ctx, istring);

so basically it does malloc(something) and free(something + sizeof(csi_chunk_t)).
Comment 1 Sami Farin 2015-11-29 12:31:48 UTC 
I meant to say free(malloc(something) + sizeof(csi_chunk_t))
Comment 2 GitLab Migration User 2018-08-25 13:26:14 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/cairo/cairo/issues/5.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.