diff options
| author | Chris Wilson <chris@chris-wilson.co.uk> | 2012-03-20 21:36:26 +0000 |
|---|---|---|
| committer | Chris Wilson <chris@chris-wilson.co.uk> | 2012-03-20 21:36:26 +0000 |
| commit | f49a6b1fd7e23252b2a306f8bdb9baed5c1e8d4b (patch) | |
| tree | 1a9a08e40b4d1a1b1b57f5b1f2036ef0e06ed653 | |
| parent | 1bdd6461de18a6812d5af0283f4222cbb80ca2f8 (diff) | |
sna: Decouple the private data after UnrealizeFont
As the font is kept around and reused after UnrealizeFont, we need to
nullify the pointer to our private data in order to prevent the later
use-after-free.
Reported-by: Peter Jordan
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
| -rw-r--r-- | src/sna/sna_accel.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/sna/sna_accel.c b/src/sna/sna_accel.c index c7f041e7..33e08bef 100644 --- a/src/sna/sna_accel.c +++ b/src/sna/sna_accel.c @@ -10183,6 +10183,7 @@ sna_unrealize_font(ScreenPtr screen, FontPtr font) for (n = 0; n < 256; n++) free(priv->glyphs16[n]); free(priv); + FontSetPrivate(font, sna_font_key, NULL); } return TRUE; |