Hide Forgot
Created attachment 486058 [details] Proposed patch from upstream git commit e0a501e9 Description of problem: There's a memory leak in libXcursor XcursorFileHeaderCreate() which leaks the comment and fileHeader Version-Release number of selected component (if applicable): libXcursor-1.1.7-1.1 How reproducible: Always Steps to Reproduce: 1. Run any Xt or OpenMotif program within valgrind Actual results: ==3210== 60 bytes in 1 blocks are definitely lost in loss record 386 of 724 ==3210== at 0x4A05E1C: malloc (vg_replace_malloc.c:195) ==3210== by 0x3403C05495: _XcursorFileHeaderCreate (file.c:219) ==3210== by 0x3403C05CB7: _XcursorReadFileHeader (file.c:255) ==3210== by 0x3403C066C8: XcursorXcFileLoadImages (file.c:659) ==3210== by 0x3403C067E8: XcursorFileLoadImages (file.c:948) ==3210== by 0x3403C07074: XcursorLibraryLoadImages (library.c:311) ==3210== by 0x3403C079A7: XcursorTryShapeCursor (xlib.c:106) ==3210== by 0x33FFC250B3: XCreateGlyphCursor (CrGlCur.c:175) ==3210== by 0x33FFC25610: XCreateFontCursor (Cursor.c:52) ==3210== by 0x340D81A3F0: XtCvtStringToCursor (Converters.c:688) ==3210== by 0x340D815953: CallConverter (Convert.c:808) ==3210== by 0x340D815CDB: _XtConvert (Convert.c:896) Expected results: No leak Additional info: This is fixed with git commit e0a501e9 upstream: commit e0a501e91c270c0e99a55aa568f6df0d3d6e541d Author: Chris Wilson <cpwilson.com> Date: Sat Aug 12 19:55:44 2006 +0300 fix leak in header destruction Fix a couple of if (!foo) free(foo); tests. Patch attached.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
Devel-ack. These two: @@ -121,8 +120,7 @@ XcursorCommentCreate (XcursorUInt comment_type, int length) void XcursorCommentDestroy (XcursorComment *comment) { - if (!comment) - free (comment); + free (comment); } XcursorComments * @@ -205,8 +203,7 @@ _XcursorWriteBytes (XcursorFile *file, char *bytes, int length) static void _XcursorFileHeaderDestroy (XcursorFileHeader *fileHeader) { - if (!fileHeader) - free (fileHeader); + free (fileHeader); } are the relevant changes. The sense in the if was inverted.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1538.html