From bfdf99d6ff64b9c2d840e8a5767eaa57e4363c79 Mon Sep 17 00:00:00 2001 From: Mike Gorchak Date: Wed, 2 Jan 2013 13:39:50 -0700 Subject: [PATCH 1/2] glu: initialize PriorityQ::order field to NULL in pqNewPriorityQ() pqNewPriorityQ() function creates and setups PriorityQ structure, all except for the field "order". It is filled later in function pqInit(). Depending on vertices of polygon which must be tesselated there possible following situation, pqDeletePriorityQ() is called right after pqNewPriorityQ() function. pqNewPriorityQ() tries to free memory using pq->order as pointer, which is unitialized at this point. Signed-off-by: Brian Paul --- src/libtess/priorityq.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libtess/priorityq.c b/src/libtess/priorityq.c index c6b99cc..db7cd59 100644 --- a/src/libtess/priorityq.c +++ b/src/libtess/priorityq.c @@ -65,6 +65,7 @@ PriorityQ *pqNewPriorityQ( int (*leq)(PQkey key1, PQkey key2) ) return NULL; } + pq->order = NULL; pq->size = 0; pq->max = INIT_SIZE; pq->initialized = FALSE; -- 1.8.3.1