summaryrefslogtreecommitdiffstats
path: root/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2013-4396.diff
blob: af517411c0580fd3b1224ff00a64263b4f293b0a (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

--- ./dix/dixfonts.c.orig	2010-10-30 21:47:09.000000000 -0500
+++ ./dix/dixfonts.c	2013-10-09 21:38:47.607788240 -0500
@@ -1500,6 +1500,7 @@
 	    GC *pGC;
 	    unsigned char *data;
 	    ITclosurePtr new_closure;
+            ITclosurePtr old_closure;
 
 	    /* We're putting the client to sleep.  We need to
 	       save some state.  Similar problem to that handled
@@ -1512,6 +1513,7 @@
 		err = BadAlloc;
 		goto bail;
 	    }
+	    old_closure = c;
 	    *new_closure = *c;
 	    c = new_closure;
 
@@ -1519,6 +1521,7 @@
 	    if (!data)
 	    {
 		free(c);
+	        c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	    }
@@ -1530,6 +1533,7 @@
 	    {
 		free(c->data);
 		free(c);
+                c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	    }
@@ -1543,6 +1547,7 @@
 		FreeScratchGC(pGC);
 		free(c->data);
 		free(c);
+                c = old_closure;
 		err = BadAlloc;
 		goto bail;
 	    }
generated by cgit v1.2.3 (git 2.26.2) at 2024-04-30 22:47:12 +0000