Re: xdm problems

From: Matthieu Herrb (matthieuat_private)
Date: Mon Apr 20 1998 - 09:12:16 PDT


    Here's a patch at the source of the problem (a double free() while
    doing error recovery in libXdmcp). It will also help if one
    finds another way to feed libXdmcp with incorrect data.
    
    Index: xc/lib/Xdmcp/DA16.c
    ===================================================================
    RCS file: /cvs/X11/xc/lib/Xdmcp/DA16.c,v
    retrieving revision 1.1.1.1
    retrieving revision 1.3
    diff -u -r1.1.1.1 -r1.3
    --- DA16.c      1997/09/05 08:59:52     1.1.1.1
    +++ DA16.c      1998/04/17 11:30:08     1.3
    @@ -37,7 +37,8 @@
     XdmcpDisposeARRAY16 (array)
         ARRAY16Ptr array;
     {
    -    Xfree (array->data);
    +    if (array->data != 0)
    +       Xfree (array->data);
         array->length = 0;
         array->data = 0;
     }
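Review bot: The added `if (array->data != 0)` guard has no comment saying how a null data pointer reaches this routine, so a later cleanup could drop it as redundant. Judging from the read-side hunks in this patch, data is 0 after a failed read or an earlier dispose, and a comment such as `/* data is 0 after a failed read or a previous dispose; never pass it to Xfree */` above the guard would record that. The same comment fits the identical guards in DA32.c and DA8.c. The definition appears to start just above the hunk.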
    Index: xc/lib/Xdmcp/DA32.c
    ===================================================================
    RCS file: /cvs/X11/xc/lib/Xdmcp/DA32.c,v
    retrieving revision 1.1.1.1
    retrieving revision 1.2
    diff -u -r1.1.1.1 -r1.2
    --- DA32.c      1997/09/05 08:59:52     1.1.1.1
    +++ DA32.c      1998/04/17 10:09:49     1.2
    @@ -37,7 +37,8 @@
     XdmcpDisposeARRAY32 (array)
         ARRAY32Ptr array;
     {
    -    Xfree (array->data);
    +    if (array->data != 0)
    +       Xfree (array->data);
         array->length = 0;
         array->data = 0;
     }
    Index: xc/lib/Xdmcp/DA8.c
    ===================================================================
    RCS file: /cvs/X11/xc/lib/Xdmcp/DA8.c,v
    retrieving revision 1.1.1.1
    retrieving revision 1.2
    diff -u -r1.1.1.1 -r1.2
    --- DA8.c       1997/09/05 08:59:52     1.1.1.1
    +++ DA8.c       1998/04/17 10:09:51     1.2
    @@ -37,7 +37,8 @@
     XdmcpDisposeARRAY8 (array)
         ARRAY8Ptr  array;
     {
    -    Xfree (array->data);
    +    if (array->data != 0)
    +       Xfree (array->data);
         array->length = 0;
         array->data = 0;
     }
    Index: xc/lib/Xdmcp/DAofA8.c
    ===================================================================
    RCS file: /cvs/X11/xc/lib/Xdmcp/DAofA8.c,v
    retrieving revision 1.1.1.1
    retrieving revision 1.3
    diff -u -r1.1.1.1 -r1.3
    --- DAofA8.c    1997/09/05 08:59:52     1.1.1.1
    +++ DAofA8.c    1998/04/17 11:30:09     1.3
    @@ -41,7 +41,8 @@
    
         for (i = 0; i < (int)array->length; i++)
            XdmcpDisposeARRAY8 (&array->data[i]);
    -    Xfree (array->data);
    +    if (array->data != 0)
    +       Xfree (array->data);
         array->length = 0;
         array->data = 0;
     }
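Review bot: The loop above the new guard still computes `&array->data[i]` and hands it to XdmcpDisposeARRAY8, so an array whose data is 0 while length is non-zero is read through a null pointer before the check is reached. The RAofA8.c hunk in this patch sets data to 0 on a read failure without visibly resetting length, which would produce that state, though the length assignment is outside what is shown. The guard should enclose the loop as well: open `if (array->data != 0) {` before the `for` and close it after `Xfree (array->data);`. The function starts above the hunk.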
    Index: xc/lib/Xdmcp/RA16.c
    ===================================================================
    RCS file: /cvs/X11/xc/lib/Xdmcp/RA16.c,v
    retrieving revision 1.1.1.1
    retrieving revision 1.2
    diff -u -r1.1.1.1 -r1.2
    --- RA16.c      1997/09/05 08:59:53     1.1.1.1
    +++ RA16.c      1998/04/17 10:09:53     1.2
    @@ -55,6 +55,7 @@
            if (!XdmcpReadCARD16 (buffer, &array->data[i]))
            {
                Xfree (array->data);
    +           array->data = 0;
                return FALSE;
            }
         }
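Review bot: The failure path now clears `array->data` but leaves `array->length` at its earlier value, so the caller gets back an array that claims elements it does not have. Any later code that walks the array by length would read through a null pointer; adding `array->length = 0;` next to `array->data = 0;` keeps the two fields consistent. Where length is assigned is outside the hunk, so this is inferred from the visible lines only. The same applies to the matching hunks in RA32.c and RA8.c, and the enclosing function starts and ends outside the hunk.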
    Index: xc/lib/Xdmcp/RA32.c
    ===================================================================
    RCS file: /cvs/X11/xc/lib/Xdmcp/RA32.c,v
    retrieving revision 1.1.1.1
    retrieving revision 1.2
    diff -u -r1.1.1.1 -r1.2
    --- RA32.c      1997/09/05 08:59:53     1.1.1.1
    +++ RA32.c      1998/04/17 10:09:54     1.2
    @@ -55,6 +55,7 @@
            if (!XdmcpReadCARD32 (buffer, &array->data[i]))
            {
                Xfree (array->data);
    +           array->data = 0;
                return FALSE;
            }
         }
    Index: xc/lib/Xdmcp/RA8.c
    ===================================================================
    RCS file: /cvs/X11/xc/lib/Xdmcp/RA8.c,v
    retrieving revision 1.1.1.1
    retrieving revision 1.2
    diff -u -r1.1.1.1 -r1.2
    --- RA8.c       1997/09/05 08:59:53     1.1.1.1
    +++ RA8.c       1998/04/17 10:09:55     1.2
    @@ -55,6 +55,7 @@
            if (!XdmcpReadCARD8 (buffer, &array->data[i]))
            {
                Xfree (array->data);
    +           array->data = 0;
                return FALSE;
            }
         }
    Index: xc/lib/Xdmcp/RAofA8.c
    ===================================================================
    RCS file: /cvs/X11/xc/lib/Xdmcp/RAofA8.c,v
    retrieving revision 1.1.1.1
    retrieving revision 1.2
    diff -u -r1.1.1.1 -r1.2
    --- RAofA8.c    1997/09/05 08:59:53     1.1.1.1
    +++ RAofA8.c    1998/04/17 10:09:57     1.2
    @@ -55,6 +55,7 @@
            if (!XdmcpReadARRAY8 (buffer, &array->data[i]))
            {
                Xfree (array->data);
    +           array->data = 0;
                return FALSE;
            }
         }
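Review bot: When XdmcpReadARRAY8 fails at index i, only the outer `array->data` is released; the ARRAY8 buffers already filled for the indices below i are not freed first, so a malformed packet that fails partway leaks them. The loop header is outside the hunk, so this assumes i counts up from 0 over freshly read elements. One way to release everything is to replace the two cleanup lines with `array->length = i;` followed by `XdmcpDisposeARRAYofARRAY8 (array);` before `return FALSE;`, which also leaves length and data consistent on return. The enclosing function starts and ends outside the hunk.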
    
                                            Matthieu
    


