On Tue, Apr 12, 2016 at 11:53 AM, John Sheu <s...@google.com> wrote:
> The XMesaVisual instances freed in the visuals table on display close
> are being freed with a free() call, instead of XMesaDestroyVisual(),
> causing a memory leak.
>
> Signed-off-by: John Sheu <s...@google.com>
> ---
> src/mesa/drivers/x11/fakeglx.c | 2 +-
> src/mesa/drivers/x11/xm_api.c | 1 +
> 2 files changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/mesa/drivers/x11/fakeglx.c b/src/mesa/drivers/x11/fakeglx.c
> index 80b71765..2f4d9669 100644
> --- a/src/mesa/drivers/x11/fakeglx.c
> +++ b/src/mesa/drivers/x11/fakeglx.c
> @@ -794,7 +794,7 @@ destroy_visuals_on_display(Display *dpy)
> if (VisualTable[i]->display == dpy) {
> /* remove this visual */
> int j;
> - free(VisualTable[i]);
> + XMesaDestroyVisual(VisualTable[i]);
> for (j = i; j < NumVisuals - 1; j++)
> VisualTable[j] = VisualTable[j + 1];
> NumVisuals--;
> diff --git a/src/mesa/drivers/x11/xm_api.c b/src/mesa/drivers/x11/xm_api.c
> index 65e7ca89..82c4d188 100644
> --- a/src/mesa/drivers/x11/xm_api.c
> +++ b/src/mesa/drivers/x11/xm_api.c
> @@ -856,6 +856,7 @@ XMesaVisual XMesaCreateVisual( XMesaDisplay *display,
> accum_red_size, accum_green_size,
> accum_blue_size, accum_alpha_size,
> 0)) {
> + free(v->visinfo);
> free(v);
> return NULL;
> }
> --
> 2.8.0.rc3.226.g39d4020
>
Thanks! The implementations in xm_api.c are mostly good, with the exception
of the one place I fixed. Since XMesaDestroyVisual is a
"client-facing" call, I opted
to manually fix the free() to preserve layering.
As to how it was found, well, automated unittesting + automated heapchecker :-)
-John Sheu
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/mesa-dev
