Make a copy of the mode list as it might be realloced later.

The fModes array is realloc'ed as needed when adding modes. Therefore the fModes pointer handed in to AddModes() becomes invalid once _MakeSpace() returns in that function causing a freed memory block to be used as input. To avoid that we make a copy of the base mode list and then use that to add the modes for each color space.
2011-12-09 16:00:35 +01:00 · 2011-12-09 16:00:35 +01:00 · b5cc636fa4
commit b5cc636fa4
parent 6ba5fa4d64
1 changed files with 13 additions and 4 deletions
--- a/src/add-ons/accelerants/common/create_display_modes.cpp
+++ b/src/add-ons/accelerants/common/create_display_modes.cpp
@ -331,17 +331,26 @@ ModeList::AddModes(const display_mode* modes, uint32 count)
 bool
 ModeList::CreateColorSpaces(const color_space* spaces, uint32 count)
 {
-	uint32 modeCount = fCount;
+	uint32 baseModeCount = fCount;
+	size_t baseModesSize = baseModeCount * sizeof(display_mode);
+	display_mode* baseModes = (display_mode*)malloc(baseModesSize);
+	if (baseModes == NULL)
+		return false;
+
+	memcpy(baseModes, fModes, baseModesSize);

 	for (uint32 i = 0; i < count; i++) {
-		if (i > 0 && !AddModes(fModes, modeCount))
+		if (i > 0 && !AddModes(baseModes, baseModeCount)) {
+			free(baseModes);
 			return false;
+		}

-		for (uint32 j = 0; j < modeCount; j++) {
-			fModes[j + fCount - modeCount].space = spaces[i];
+		for (uint32 j = 0; j < baseModeCount; j++) {
+			fModes[j + fCount - baseModeCount].space = spaces[i];
 		}
 	}

+	free(baseModes);
 	return true;
 }