apple: Fix a use after free

author Jonas Maebe <jonas.maebe@elis.ugent.be>

Mon, 23 Apr 2012 23:02:16 +0000 (16:02 -0700)

committer Jeremy Huddleston <jeremyhu@apple.com>

Mon, 23 Apr 2012 23:17:39 +0000 (16:17 -0700)
author Jonas Maebe <jonas.maebe@elis.ugent.be>
Mon, 23 Apr 2012 23:02:16 +0000 (16:02 -0700)
committer Jeremy Huddleston <jeremyhu@apple.com>
Mon, 23 Apr 2012 23:17:39 +0000 (16:17 -0700)
diff --git a/src/glx/apple/apple_glx_surface.c b/src/glx/apple/apple_glx_surface.c

index 39f513034dc329f2bbfb9eb085e4089a86d838a8..d42fa3b326915aacbc34685fa7569cac250107e9 100644 (file)
--- a/src/glx/apple/apple_glx_surface.c
+++ b/src/glx/apple/apple_glx_surface.c
@@ -206,6 +206,10 @@ apple_glx_surface_destroy(unsigned int uid)
     if (d) {
        d->types.surface.pending_destroy = true;
        d->release(d);
+
+      /* apple_glx_drawable_find_by_uid returns a locked drawable */
+      d->unlock(d);
+
        /* 
         * We release 2 references to the surface.  One was acquired by
         * the find, and the other was leftover from a context, or 
@@ -217,7 +221,5 @@ apple_glx_surface_destroy(unsigned int uid)
         * by a glViewport callback (see apple_glx_context_update()).
         */
        d->destroy(d);
-
-      d->unlock(d);
     }
  }
author	Jonas Maebe <jonas.maebe@elis.ugent.be>
	Mon, 23 Apr 2012 23:02:16 +0000 (16:02 -0700)
committer	Jeremy Huddleston <jeremyhu@apple.com>
	Mon, 23 Apr 2012 23:17:39 +0000 (16:17 -0700)