patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2013-4396.diff


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

--- ./dix/dixfonts.c.orig	2010-05-03 19:47:57.000000000 -0500
+++ ./dix/dixfonts.c	2013-10-09 21:45:40.215770648 -0500
@@ -1508,6 +1508,7 @@
 	    GC *pGC;
 	    unsigned char *data;
 	    ITclosurePtr new_closure;
+            ITclosurePtr old_closure;
 
 	    /* We're putting the client to sleep.  We need to
 	       save some state.  Similar problem to that handled
@@ -1520,6 +1521,7 @@
 		err = BadAlloc;
 		goto bail;
 	    }
+	    old_closure = c;
 	    *new_closure = *c;
 	    c = new_closure;
 
@@ -1527,6 +1529,7 @@
 	    if (!data)
 	    {
 		xfree(c);
+	        c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	    }
@@ -1538,6 +1541,7 @@
 	    {
 		xfree(c->data);
 		xfree(c);
+	        c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	    }
@@ -1551,6 +1555,7 @@
 		FreeScratchGC(pGC);
 		xfree(c->data);
 		xfree(c);
+	        c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	    }