ofourdan / rpms / xorg-x11-server

Forked from rpms/xorg-x11-server 5 years ago
Clone
Source Code
GIT

Files

  1.   e625aaaade31df6b43fffa8021f28cd313bc71a8
  2.   0001-xwayland-do-not-crash-if-gbm_bo_create-fails.patch
Blob Blame History Raw 
From d2af650a280f94d7ddd155cb499110ab45135100 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Fri, 19 Oct 2018 16:04:32 +0200
Subject: [PATCH xserver] xwayland: do not crash if `gbm_bo_create()` fails

The function `xwl_glamor_gbm_create_pixmap()` first creates a buffer
objects and then creates the xwl_pixmap from it.

However, `xwl_glamor_gbm_create_pixmap_for_bo()` is not called if the
buffer object creation fails, and `xwl_glamor_gbm_create_pixmap()`
simply returns `glamor_create_pixmap()`.

The problem with this is that if `xwl_glamor_gbm_create_pixmap_for_bo()`
is not called then neither is `xwl_pixmap_set_private()` and further
calls to `xwl_pixmap_get()` will return NULL and cause a NULL pointer
dereference if the return value is not checked:

  #0  xwl_glamor_gbm_get_wl_buffer_for_pixmap ()
      at hw/xwayland/xwayland-glamor-gbm.c:248
  #1  xwl_window_post_damage () at hw/xwayland/xwayland.c:697
  #2  xwl_display_post_damage () at hw/xwayland/xwayland.c:759
  #3  block_handler () at hw/xwayland/xwayland.c:890
  #4  BlockHandler () at dix/dixutils.c:388
  #5  WaitForSomething () at os/WaitFor.c:201
  #6  Dispatch () at dix/dispatch.c:421
  #7  dix_main () at dix/main.c:276
  #8  __libc_start_main () at ../csu/libc-start.c:308
  #9  _start ()

  (gdb) print xwl_pixmap
  $1 = (struct xwl_pixmap *) 0x0

Make sure we check for `xwl_pixmap_get()` returned value where relevant
and fail gracefully if this is the case.

See also: https://gitlab.gnome.org/GNOME/mutter/issues/340

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Marco Trevisan <mail@3v1n0.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 036794bebce72a3fa2f95996d2e537ff568e0ff1)
---
 hw/xwayland/xwayland-glamor-gbm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/xwayland/xwayland-glamor-gbm.c b/hw/xwayland/xwayland-glamor-gbm.c
index 6aa1e4641d..5f8a68fd8c 100644
--- a/hw/xwayland/xwayland-glamor-gbm.c
+++ b/hw/xwayland/xwayland-glamor-gbm.c
@@ -244,6 +244,9 @@ xwl_glamor_gbm_get_wl_buffer_for_pixmap(PixmapPtr pixmap,
     uint64_t modifier;
     int i;
 
+    if (xwl_pixmap == NULL)
+       return NULL;
+
     if (xwl_pixmap->buffer) {
         /* Buffer already exists. Return it and inform caller if interested. */
         if (created)
@@ -494,6 +497,9 @@ glamor_egl_fds_from_pixmap(ScreenPtr screen, PixmapPtr pixmap, int *fds,
 
     xwl_pixmap = xwl_pixmap_get(pixmap);
 
+    if (xwl_pixmap == NULL)
+       return 0;
+
     if (!xwl_pixmap->bo)
        return 0;
 
-- 
2.19.1
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.