Fix use after free when font server connection lost (!9) · Merge requests · xorg / lib / libXfont

Peter Harris requested to merge peterh/libxfont:master into master Mar 02, 2021

If there are multiple blocks waiting for the same font, only one of them will have ->freeFont set. The rest will be in a state of FS_DEPENDING.

If the font server dies before the font finishes opening, the block with ->freeFont set will call ->unload_font, invalidating the pfont pointers in the remaining FS_DEPENDING blocks.

Avoid a use after free (and potential crash) by passing conn to fs_cleanup_font instead of dereferencing pfont to find the conn.

Signed-off-by: Peter Harris pharris@opentext.com

Admin message

Fix use after free when font server connection lost

Merge request reports