From c3c2ae959fe46d9acccbebc04e20ef026753b7a8 Mon Sep 17 00:00:00 2001
From: Mamoru TASAKA <mtasaka@fedoraproject.org>
Date: Sat, 3 Oct 2020 22:41:51 +0900
Subject: [PATCH] FuzzyFlakesFreeFlake: avoid double free on subsequent calls

When window size of hack changes, for example, X ConfigureNotify events can be triggered
consecutively. In such cases, FuzzyFlakesFreeFlake() is called multiple times,
but currently flake->Colors.Back and the other color pointers are just freed and not reset to 0, so
they are not set again in FuzzyFlakesInit(). And in the next FuzzyFlakesFreeFlake(),
double free occurs like:

=================================================================
==847140==ERROR: AddressSanitizer: attempting double-free on 0x6020000041b0 in thread T0:
    #0 0x7fb8d0d650c7 in __interceptor_free (/lib64/libasan.so.6+0xab0c7)
    #1 0x40856c in FuzzyFlakesFreeFlake ../../hacks/fuzzyflakes.c:449
    #2 0x40ee18 in fuzzyflakes_reshape ../../hacks/fuzzyflakes.c:598
    #3 0x406a56 in screenhack_table_handle_events ../../hacks/screenhack.c:459
    #4 0x406a56 in usleep_and_process_events ../../hacks/screenhack.c:526
    #5 0x406a56 in run_screenhack_table ../../hacks/screenhack.c:586
    #6 0x406a56 in main ../../hacks/screenhack.c:991
    #7 0x7fb8cfdc61a1 in __libc_start_main ../csu/libc-start.c:314
    #8 0x40805d in _start (/home/foo/xscreensaver-5.44/x86_64-pc-linux-gnu/hacks/fuzzyflakes+0x40805d)

0x6020000041b0 is located 0 bytes inside of 9-byte region [0x6020000041b0,0x6020000041b9)
freed by thread T0 here:
    #0 0x7fb8d0d650c7 in __interceptor_free (/lib64/libasan.so.6+0xab0c7)
    #1 0x40856c in FuzzyFlakesFreeFlake ../../hacks/fuzzyflakes.c:449

previously allocated by thread T0 here:
    #0 0x7fb8d0d653cf in __interceptor_malloc (/lib64/libasan.so.6+0xab3cf)
    #1 0x414799 in get_string_resource ../../utils/resources.c:54
    #2 0x429977  (/home/foo/xscreensaver-5.44/x86_64-pc-linux-gnu/hacks/fuzzyflakes+0x429977)

SUMMARY: AddressSanitizer: double-free (/lib64/libasan.so.6+0xab0c7) in __interceptor_free
==847140==ABORTING
---
 hacks/fuzzyflakes.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hacks/fuzzyflakes.c b/hacks/fuzzyflakes.c
index d655ca9..db6524c 100644
--- a/hacks/fuzzyflakes.c
+++ b/hacks/fuzzyflakes.c
@@ -447,8 +447,11 @@ FuzzyFlakesFreeFlake(Flake *flake)
    if (flake->DB.ba) XFreePixmap(flake->dpy, flake->DB.ba);
    XFreeGC (flake->dpy, flake->GCVar);
    if (flake->Colors.Back) free (flake->Colors.Back);
+   flake->Colors.Back = 0;
    if (flake->Colors.Fore) free (flake->Colors.Fore);
+   flake->Colors.Fore = 0;
    if (flake->Colors.Bord) free (flake->Colors.Bord);
+   flake->Colors.Bord = 0;
 }
 
 static void
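Review bot: The pixmap handle on the first context line of the hunk, `if (flake->DB.ba) XFreePixmap(flake->dpy, flake->DB.ba);`, is left with the same free-without-reset pattern the three added lines fix for the color pointers, so a repeated FuzzyFlakesFreeFlake() call still passes a stale pixmap id to XFreePixmap unless FuzzyFlakesInit() unconditionally recreates it (which the hunk does not show). For consistency with the new convention I would add `flake->DB.ba = 0;` right after that line, so the guard actually protects the second call. The `if (p) free(p);` guards are redundant since free(NULL) is a no-op; the three pairs could collapse to `free(flake->Colors.Back); flake->Colors.Back = 0;` and likewise for Fore and Bord. The function's opening lines, including its signature, are outside the hunk.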
-- 
2.28.0