[PATCH] xserver/composite: Initialize borderclip members in compRedirectWindow

Maarten Lankhorst maarten.lankhorst at canonical.com
Wed Oct 17 10:08:00 PDT 2012 

compRedirectWindow does not initialize borderClip(X,Y ) members on allocation,
which could theoretically cause a crash because borderClip contains a pointer.
Solve this by copying the data over from pWin.

Noticed this when working on
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1065113

Specific error valgrind error I was receiving is:

==25858== Conditional jump or move depends on uninitialised value(s)
==25858==    at 0x1EBF32: compClipNotify (compwindow.c:304)
==25858==    by 0x2A2C23: miComputeClips (mivaltree.c:489)
==25858==    by 0x2A321C: miValidateTree (mivaltree.c:695)
==25858==    by 0x1896EE: MapWindow (window.c:2594)
==25858==    by 0x1EB15B: compCreateOverlayWindow (compoverlay.c:155)
==25858==    by 0x1E9ABA: ProcCompositeGetOverlayWindow (compext.c:304)
==25858==    by 0x15DA50: Dispatch (dispatch.c:428)
==25858==    by 0x14C569: main (main.c:295)
==25858==  Uninitialised value was created by a heap allocation
==25858==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==25858==    by 0x1ED4A3: compRedirectWindow (compalloc.c:172)
==25858==    by 0x1EC142: compCreateWindow (compwindow.c:558)
==25858==    by 0x18C56C: CreateWindow (window.c:801)
==25858==    by 0x1EB0FF: compCreateOverlayWindow (compoverlay.c:145)
==25858==    by 0x1E9ABA: ProcCompositeGetOverlayWindow (compext.c:304)
==25858==    by 0x15DA50: Dispatch (dispatch.c:428)
==25858==    by 0x14C569: main (main.c:295)

Signed-off-by: Maarten Lankhorst <maarten.lankhorst at canonical.com>

---
I'm not 100% sure if this is the correct assignment, I'm just guessing from the functions.

diff --git a/composite/compalloc.c b/composite/compalloc.c
index cc69c68..b6c5785 100644
--- a/composite/compalloc.c
+++ b/composite/compalloc.c
@@ -195,6 +195,8 @@ compRedirectWindow(ClientPtr pClient, WindowPtr pWin, int update)
         cw->damaged = FALSE;
         cw->pOldPixmap = NullPixmap;
         dixSetPrivate(&pWin->devPrivates, CompWindowPrivateKey, cw);
+        cw->borderClipX = pWin->drawable.x;
+        cw->borderClipY = pWin->drawable.y;
     }
     ccw->next = cw->clients;
     cw->clients = ccw;

More information about the xorg-devel mailing list