[haiku-commits] haiku: hrev43446 - src/add-ons/accelerants/common

  • From: mmlr@xxxxxxxx
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Fri, 9 Dec 2011 16:05:01 +0100 (CET)

hrev43446 adds 1 changeset to branch 'master'
old head: 6ba5fa4d64c5cdda19404c9d8360d809d9546144
new head: b5cc636fa4ccd73498a0ac8d184ff192799d5d27

----------------------------------------------------------------------------

b5cc636: Make a copy of the mode list as it might be realloced later.
  
  The fModes array is realloc'ed as needed when adding modes. Therefore
  the fModes pointer handed in to AddModes() becomes invalid once
  _MakeSpace() returns in that function causing a freed memory block to
  be used as input.
  
  To avoid that we make a copy of the base mode list and then use that to
  add the modes for each color space.

                                            [ Michael Lotz <mmlr@xxxxxxxx> ]

----------------------------------------------------------------------------

Revision:    hrev43446
Commit:      b5cc636fa4ccd73498a0ac8d184ff192799d5d27
URL:         http://cgit.haiku-os.org/haiku/commit/?id=b5cc636
Author:      Michael Lotz <mmlr@xxxxxxxx>
Date:        Fri Dec  9 15:00:35 2011 UTC

----------------------------------------------------------------------------

1 files changed, 13 insertions(+), 4 deletions(-)
.../accelerants/common/create_display_modes.cpp    |   17 ++++++++++++---

----------------------------------------------------------------------------

diff --git a/src/add-ons/accelerants/common/create_display_modes.cpp 
b/src/add-ons/accelerants/common/create_display_modes.cpp
index a2916b3..83afcc5 100644
--- a/src/add-ons/accelerants/common/create_display_modes.cpp
+++ b/src/add-ons/accelerants/common/create_display_modes.cpp
@@ -331,17 +331,26 @@ ModeList::AddModes(const display_mode* modes, uint32 
count)
 bool
 ModeList::CreateColorSpaces(const color_space* spaces, uint32 count)
 {
-       uint32 modeCount = fCount;
+       uint32 baseModeCount = fCount;
+       size_t baseModesSize = baseModeCount * sizeof(display_mode);
+       display_mode* baseModes = (display_mode*)malloc(baseModesSize);
+       if (baseModes == NULL)
+               return false;
+
+       memcpy(baseModes, fModes, baseModesSize);
 
        for (uint32 i = 0; i < count; i++) {
-               if (i > 0 && !AddModes(fModes, modeCount))
+               if (i > 0 && !AddModes(baseModes, baseModeCount)) {
+                       free(baseModes);
                        return false;
+               }
 
-               for (uint32 j = 0; j < modeCount; j++) {
-                       fModes[j + fCount - modeCount].space = spaces[i];
+               for (uint32 j = 0; j < baseModeCount; j++) {
+                       fModes[j + fCount - baseModeCount].space = spaces[i];
                }
        }
 
+       free(baseModes);
        return true;
 }
 
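Review bot: the new malloc(baseModesSize) at the top of CreateColorSpaces() runs unconditionally, so when fCount is 0 it requests zero bytes, and a malloc() that returns NULL for a zero-size request makes the function return false even though nothing has actually failed. The copy is only read by AddModes() on iterations with i > 0, so it is also wasted work when count is 0 or 1. Consider allocating only when count > 1 and baseModeCount > 0, and treating NULL as an error only in that case. The multiplication baseModeCount * sizeof(display_mode) is unchecked; if fCount can ever be driven by untrusted input, an overflow check before the malloc() would be cheap. A one-line comment above the memcpy() stating that AddModes() may reallocate fModes would keep a later cleanup from reverting to passing fModes directly. With two free(baseModes) exits already, a scoped deleter would remove the risk of a future early return leaking the buffer.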

