Patch for dangling disp->DriverData pointer in error path
Submitted by John Wehle
Assigned to mes..@..op.org
Description
Created attachment 122571 Patch for problem.
Noticed while looking at a crash the following code pattern:
    dri2_dpy = calloc(1, sizeof *dri2_dpy);
    disp->DriverData = (void *) dri2_dpy;
    ...
    if error goto cleanup
    return success
    cleanup: free(dri2_dpy)
    return failure
The problem being that on failure disp->DriverData is left pointing to memory which has already been freed. Granted, no one should be accessing it after a failure; however, if someone does then random things may occur. The attached patch sets disp->DriverData to NULL on failure so that more predictable behavior occurs if someone does happen to access it.
Attachment 122571, "Patch for problem.":
egl-dangle.txt
Version: 11.1
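
The pattern from the report next to the described fix, as an added example; it is not the attached patch and not the project's code. The struct layouts, setup_step() and all function names here are hypothetical stand-ins; only the DriverData field name comes from the report.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the display and its driver-private data. */
struct driver_display { int fd; };
struct display { void *DriverData; };

/* Constructed setup step that can be made to fail after the pointer is published. */
static bool setup_step(struct driver_display *dpy, bool fail)
{
    dpy->fd = 3;
    return !fail;
}

/* Pattern as reported: published early, freed on error, never cleared. */
bool init_as_reported(struct display *disp, bool fail)
{
    struct driver_display *dpy = calloc(1, sizeof *dpy);
    if (!dpy)
        return false;
    disp->DriverData = dpy;
    if (!setup_step(dpy, fail))
        goto cleanup;
    return true;
cleanup:
    free(dpy);
    return false;              /* disp->DriverData still holds the freed address */
}

/* Same flow with the error path clearing the published pointer. */
bool init_with_clear(struct display *disp, bool fail)
{
    struct driver_display *dpy = calloc(1, sizeof *dpy);
    if (!dpy)
        return false;
    disp->DriverData = dpy;
    if (!setup_step(dpy, fail))
        goto cleanup;
    return true;
cleanup:
    free(dpy);
    disp->DriverData = NULL;   /* later NULL checks now see "no driver data" */
    return false;
}

/* What a NULL-guarded teardown path sees: true means it would go on to use
 * the driver data. Only the pointer value is compared, never dereferenced. */
bool teardown_would_touch(const struct display *disp)
{
    return disp->DriverData != NULL;
}
```

After a failed init_as_reported(), a NULL guard in any later caller passes and the freed block is used; after a failed init_with_clear(), the same guard stops the caller.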