We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 417 - double free using SDL_VIDEO_X11_MOUSEACCEL
Summary: double free using SDL_VIDEO_X11_MOUSEACCEL
Status: RESOLVED FIXED
Alias: None
Product: SDL
Classification: Unclassified
Component: video (show other bugs)
Version: 1.2.11
Hardware: x86 Linux
: P2 major
Assignee: Ryan C. Gordon
QA Contact: Sam Lantinga
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-03-16 20:44 UTC by Gregory Smith
Modified: 2007-04-04 02:17 UTC (History)
0 users

See Also:

Attachments
proposed fix (426 bytes, patch)
2007-03-16 20:45 UTC, Gregory Smith 		Details | Diff
Different proposed fix. (547 bytes, patch)
2007-03-18 16:00 UTC, Ryan C. Gordon 		Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gregory Smith 2007-03-16 20:44:46 UTC 
If I set SDL_VIDEO_X11_MOUSEACCEL, I get a double free assertion when SDL tries to free() a buffer it allocated with alloca. Patch to follow.
Comment 1 Gregory Smith 2007-03-16 20:45:31 UTC 
Created attachment 199 [details]
proposed fix
Comment 2 Ryan C. Gordon 2007-03-18 16:00:15 UTC 
Created attachment 200 [details]
Different proposed fix.


Good catch, but it looks like the condition that the free is based on is bogus, too...mouse_param_buf is never NULL at that point...it probably wanted to make sure all these elements of accel_value are initialized before calling XChangePointerControl(), and should SDL_stack_free() the original buffer in all cases here.

Attached updated patch for comment.

--ryan.
Comment 3 Ryan C. Gordon 2007-04-04 02:17:49 UTC 
> Attached updated patch for comment.

Hearing no further comment, I'm applying the patch.

Fixed in svn revision #3005.

--ryan.