We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 417

Summary: double free using SDL_VIDEO_X11_MOUSEACCEL
Product: SDL Reporter: Gregory Smith <wolfy>
Component: videoAssignee: Ryan C. Gordon <icculus>
Status: RESOLVED FIXED QA Contact: Sam Lantinga <slouken>
Severity: major    
Priority: P2    
Version: 1.2.11   
Hardware: x86   
OS: Linux   
Attachments: proposed fix
Different proposed fix.

Description Gregory Smith 2007-03-16 20:44:46 UTC
If I set SDL_VIDEO_X11_MOUSEACCEL, I get a double free assertion when SDL tries to free() a buffer it allocated with alloca. Patch to follow.
Comment 1 Gregory Smith 2007-03-16 20:45:31 UTC
Created attachment 199 [details]
proposed fix
Comment 2 Ryan C. Gordon 2007-03-18 16:00:15 UTC
Created attachment 200 [details]
Different proposed fix.


Good catch, but it looks like the condition that the free is based on is bogus, too...mouse_param_buf is never NULL at that point...it probably wanted to make sure all these elements of accel_value are initialized before calling XChangePointerControl(), and should SDL_stack_free() the original buffer in all cases here.

Attached updated patch for comment.

--ryan.
Comment 3 Ryan C. Gordon 2007-04-04 02:17:49 UTC
> Attached updated patch for comment.

Hearing no further comment, I'm applying the patch.

Fixed in svn revision #3005.

--ryan.