Yes, I can confirm that those packages appear to resolve my problem as well.
Thanks for the quick response!

On Thu, Dec 22, 2016 at 1:27 PM Emilio Pozuelo Monfort <po...@debian.org> wrote:

> Hi,
>
> On 21/12/16 23:07, Thomas Walker wrote:
> > Package: libxi
> > Version: 1.6.1-1+deb7u2
> >
> > After updating the above package (from deb7u1), various applications
> > (google-chrome-stable notably) begin to crash with messages indicating an
> > attempt to free an invalid pointer.  Upon looking into the issue further, I
> > noticed that the following addition to XIQueryDevice.c is flawed:
> >
> > @@ -103,7 +130,17 @@
> >      SyncHandle();
> >      return info;
> >
> > +error_loop:
> > +    while (--i >= 0)
> > +    {
> > +        Xfree(info[i].name);
> > +        Xfree(info[i].classes);
> > +    }
> > error:
> > +    Xfree(info);
> > +    Xfree(buf);
> >        UnlockDisplay(dpy);
> >        SyncHandle();
> >
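Review bot: The `Xfree(info);` and `Xfree(buf);` added under the `error:` label run on every `goto error`, including jumps taken before either pointer has been assigned, and nothing in this hunk gives them a defined value at that point, so those paths pass an indeterminate pointer to the allocator. Initialise both to NULL where they are declared, or restrict the frees to paths where the allocations are known to have happened and release the survivor of a partial failure separately. In `error_loop`, `while (--i >= 0)` only terminates correctly if `i` is a signed type, which is worth confirming against its declaration.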
> > There are 3 places that "goto error", two before info and buf are allocated, and
> > one after we've checked and found one (or both) to be NULL.  Moving those
> > Xfree()s up a couple of lines into error_loop (where we know they are already
> > allocated) fixes the problem.
>
> Thanks for your report. I have tried a different approach, initializing the
> buffer to NULL, as Xfree(NULL) is safe (as Xfree is just a wrapper around
> free).
>
> Moving the Xfree()s to error_loop would avoid this, but it could leak memory if
> one of the two allocations fails (however unlikely that is).
>
> Can you try the packages at https://people.debian.org/~pochu/lts/libxi/ ?
>
> Thanks,
> Emilio
>
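
An added example, not code from libxi or from either participant in this thread: a self-contained C model of the cleanup flow discussed above, comparing NULL-initialised pointers freed at `error:` with frees moved into `error_loop`. The names `query`, `leaked`, `t_alloc` and `t_free` are hypothetical, and the failing allocator is constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed test allocator: the fail_at-th call returns NULL (0 = never). */
static int fail_at, calls, live;
static void *t_alloc(size_t n) {
    void *p = (++calls == fail_at) ? NULL : malloc(n);
    if (p) live++;
    return p;
}
static void t_free(void *p) { if (p) live--; free(p); }
struct dev { char *name; };

/* Hypothetical routine with the control flow the thread describes.
 * frees_in_loop=1 models "move the frees up into error_loop". */
static struct dev *query(int ndev, int reply_ok, int frees_in_loop) {
    struct dev *info = NULL;  /* NULL so freeing at error: is safe on every path */
    char *buf = NULL;
    int i = 0;                /* signed: the unwind relies on --i >= 0 */

    if (!reply_ok) goto error;              /* nothing allocated yet */
    info = t_alloc((size_t)ndev * sizeof *info);
    buf = t_alloc(64);
    if (!info || !buf) goto error;          /* one of the two may be live */
    for (i = 0; i < ndev; i++)
        if (!(info[i].name = t_alloc(16))) goto error_loop;
    t_free(buf);
    return info;

error_loop:
    while (--i >= 0) t_free(info[i].name);  /* entries 0..i-1 were allocated */
    if (frees_in_loop) { t_free(info); t_free(buf); }
error:
    if (!frees_in_loop) { t_free(info); t_free(buf); }
    return NULL;
}

/* Run one scenario and return the number of allocations still outstanding. */
int leaked(int ndev, int reply_ok, int fail, int frees_in_loop) {
    fail_at = fail; calls = 0; live = 0;
    struct dev *r = query(ndev, reply_ok, frees_in_loop);
    for (int i = 0; r && i < ndev; i++) t_free(r[i].name);
    t_free(r);
    return live;
}

int main(void) {
    printf("leaked: NULL-init=%d, frees-in-error_loop=%d\n", leaked(3, 1, 1, 0), leaked(3, 1, 1, 1));
    return 0;
}
```

The variant from the original report, with uninitialised pointers freed at `error:`, is left out because running it is undefined behaviour.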
