From 717cfd417b7b4be50d73c684b028a20ddcbb568e Mon Sep 17 00:00:00 2001 From: Keith Packard Date: Wed, 2 Nov 2016 13:39:50 -0700 Subject: [PATCH xserver v2 3/7] dix: Make sure client is not in output_pending chain after closed (RH 1382444) I think it is possible that output could get queued to a client during CloseDownClient. After it is removed from the pending queue, active grabs are released, the client is awoken if sleeping and any work queue entries related to the client are processed. To fix this, move the call removing it from the output_pending chain until after clientGone has been set and then check clientGone in output_pending_mark. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1382444 Signed-off-by: Keith Packard Reviewed-by: Hans de Goede Signed-off-by: Hans de Goede --- dix/dispatch.c | 2 +- include/dixstruct.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dix/dispatch.c b/dix/dispatch.c index e111377..3d0fe26 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -3406,7 +3406,6 @@ CloseDownClient(ClientPtr client) UngrabServer(client); } mark_client_not_ready(client); - xorg_list_del(&client->output_pending); BITCLEAR(grabWaiters, client->index); DeleteClientFromAnySelections(client); ReleaseActiveGrabs(client); @@ -3435,6 +3434,7 @@ CloseDownClient(ClientPtr client) if (ClientIsAsleep(client)) ClientSignal(client); ProcessWorkQueueZombies(); + output_pending_clear(client); CloseDownConnection(client); /* If the client made it to the Running stage, nClients has diff --git a/include/dixstruct.h b/include/dixstruct.h index 3b578f8..d71b0ac 100644 --- a/include/dixstruct.h +++ b/include/dixstruct.h @@ -159,7 +159,7 @@ extern struct xorg_list output_pending_clients; static inline void output_pending_mark(ClientPtr client) { - if (xorg_list_is_empty(&client->output_pending)) + if (!client->clientGone && xorg_list_is_empty(&client->output_pending)) xorg_list_append(&client->output_pending, &output_pending_clients); } -- 2.9.3