> OK, I've a question: why do you remove the code entirely? presumably this is supposed to get freed at some point, just not twice, so I left it in there for someone to try to dig into it (presumably the original commiter/patch provider). Near as I can tell, this code is the only code that actually frees that value, but it wasn't clear from looking at it if I could/should just do away with it or if the free should only be called under certain circumstances.
> Didn't it help enough to make tmp_win->HiliteImage NULL? no. It still ended up freeing memory that was already freed. I'm not quite clear on where it got the value from to pass in after setting it to NULL. I'm deducing this from looking at the core dump of running (under bash on NetBSD): MALLOC_OPTIONS='A<' ctwm which forces a core dump when the double free is attempted. gdb of the core dump indicated the double-free was at the free(tmp_win->HiliteImage); This definately perplexed and continues to perplex me, though I didn't dig into where HiliteImage is allocated too deeply. -Todd