Re: [PATCH v2] glx: Fix use after free in DrawableGone

2010-09-28 Thread Keith Packard
On Thu, 23 Sep 2010 09:04:11 -0400, Kristian Høgsberg wrote:
> Signed-off-by: Kristian Høgsberg
> ---
>
> Chris Wilson points out that we were still accessing c->next after free.
> Here's an updated version that fixes that.

I've merged this patch (and attempted to collect all of the *-by: line

Re: [PATCH v2] glx: Fix use after free in DrawableGone

2010-09-27 Thread Jeremy Huddleston
On Sep 27, 2010, at 05:42, Kristian Høgsberg wrote: ...
> Jeremy, does the above explanation satisfy your concerns? Keith, do
> you want to pick this up for master?

Yes, thanks.

>
>>> On Sep 23, 2010, at 06:04, Kristian Høgsberg wrote:
>>> Signed-off-by: Kristian Høgsberg ---

Re: [PATCH v2] glx: Fix use after free in DrawableGone

2010-09-27 Thread Kristian Høgsberg
2010/9/23 Kristian Høgsberg :
> 2010/9/23 Jeremy Huddleston :
>> That seems off to me.  This is doing more than changing the c->next
>> dereference.  You're now freeing it where you weren't before.
>>
>> Previously, you freed it inside:
>> if (c->isCurrent && (c->drawPriv == glxPriv || c->readPriv

Re: [PATCH v2] glx: Fix use after free in DrawableGone

2010-09-23 Thread Kristian Høgsberg
2010/9/23 Jeremy Huddleston :
> That seems off to me.  This is doing more than changing the c->next
> dereference.  You're now freeing it where you weren't before.
>
> Previously, you freed it inside:
> if (c->isCurrent && (c->drawPriv == glxPriv || c->readPriv == glxPriv))
>    if(!c->idExists)
>

Re: [PATCH v2] glx: Fix use after free in DrawableGone

2010-09-23 Thread Jeremy Huddleston
That seems off to me. This is doing more than changing the c->next dereference. You're now freeing it where you weren't before.

Previously, you freed it inside:
if (c->isCurrent && (c->drawPriv == glxPriv || c->readPriv == glxPriv))
   if(!c->idExists)

Now, you free it inside:
if (!c->idExist

Re: [PATCH v2] glx: Fix use after free in DrawableGone

2010-09-23 Thread Chris Wilson
On Thu, 23 Sep 2010 09:04:11 -0400, Kristian Høgsberg wrote:
> Signed-off-by: Kristian Høgsberg

Now that is starting to look familiar ;-)

Reported-by: Julien Cristau
Tested-by: Chris Wilson

--
Chris Wilson, Intel Open Source Technology Centre
_

[PATCH v2] glx: Fix use after free in DrawableGone

2010-09-23 Thread Kristian Høgsberg
Signed-off-by: Kristian Høgsberg
---

Chris Wilson points out that we were still accessing c->next after free.
Here's an updated version that fixes that.

Kristian

glx/glxext.c | 11 +-- 1 files changed, 5 insertions(+), 6 deletions(-) diff --git a/glx/glxext.c b/glx/glxext.c index e2