Patch for dangling disp->DriverData pointer in error path
Submitted by John Wehle
Assigned to mes..@..op.org
Created attachment 122571 Patch for problem.
Noticed while looking at a crash the following code pattern:
dri2_dpy = calloc(1, sizeof *dri2_dpy); disp->DriverData = (void *) dri2_dpy; ... if error goto cleanup return success
The problem being that on failure disp->DriverData is left pointing to memory which has already been freed. Granted no one should be accessing it after a failure, however if someone does then random things may occur. The attached patch sets disp->DriverData to NULL on failure so that more predictable behavior occurs if someone does happen to accesses it.
Attachment 122571, "Patch for problem.":