Yes, I can confirm that those packages appear to resolve my problem as well. Thanks for the quick response!
On Thu, Dec 22, 2016 at 1:27 PM Emilio Pozuelo Monfort <po...@debian.org> wrote: > Hi, > > On 21/12/16 23:07, Thomas Walker wrote: > > Package: libxi > > Version: 1.6.1-1+deb7u2 > > > > After updating the above package (from deb7u1), various applications > > (google-chrome-stable notably) begin to crash with messages indicating an > > attempt to free an invalid pointer. Upon looking into the issue > further, I > > noticed that the following addition to XIQueryDevice.c is flawed: > > > > @@ -103,7 +130,17 @@ > > SyncHandle(); > > return info; > > > > +error_loop: > > + while (--i >= 0) > > + { > > + Xfree(info[i].name); > > + Xfree(info[i].classes); > > + } > > error: > > + Xfree(info); > > + Xfree(buf); > > UnlockDisplay(dpy); > > SyncHandle(); > > > > There are 3 places that "goto error", two before info and buf are > allocated, and > > one after we've checked and found one (or both) to be NULL. Moving those > > Xfree()s up a couple of lines into error_loop (where we know they are > already > > allocated) fixes the problem. > > Thanks for your report. I have tried a different approach, initializing the > buffer to NULL, as Xfree(NULL) is safe (as Xfree is just a wrapper around > free). > > Moving the Xfree()s to error_loop would avoid this, but it could leak > memory if > one of the two allocations fail (however unlikely that is). > > Can you try the packages at https://people.debian.org/~pochu/lts/libxi/ ? > > Thanks, > Emilio >