xserver: Branch 'master' - 2 commits
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Thu Oct 25 15:08:52 UTC 2018
present/present.h | 5 -----
present/present_wnmd.c | 2 +-
2 files changed, 1 insertion(+), 6 deletions(-)
New commits:
commit 32abc222880119eba0adf17897c3d8d1cc1f17db
Author: Olivier Fourdan <ofourdan at redhat.com>
Date: Mon Oct 22 11:54:31 2018 +0200
present: Remove `present_event_abandon()`
This has never been actually implemented, do not tempt people to use it.
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
Reviewed-by: Michel Daenzer <michel.daenzer at amd.com>
Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
diff --git a/present/present.h b/present/present.h
index 3d0b9722b..eaef02a68 100644
--- a/present/present.h
+++ b/present/present.h
@@ -167,11 +167,6 @@ present_event_notify(uint64_t event_id, uint64_t ust, uint64_t msc);
extern _X_EXPORT void
present_wnmd_event_notify(WindowPtr window, uint64_t event_id, uint64_t ust, uint64_t msc);
-/* 'crtc' has been turned off, so any pending events will never occur.
- */
-extern _X_EXPORT void
-present_event_abandon(RRCrtcPtr crtc);
-
extern _X_EXPORT Bool
present_screen_init(ScreenPtr screen, present_screen_info_ptr info);
extern _X_EXPORT Bool
commit b768b7d6cec41b8b320c468ec41aab5a8b49b27b
Author: Olivier Fourdan <ofourdan at redhat.com>
Date: Mon Oct 22 11:48:25 2018 +0200
present/wnmd: Fix use after free on CRTC removal
Xwayland will add and remove CRTCs as Wayland outputs are added or
removed.
If there is a pending flip when this occurs, the
`xwl_present_sync_callback()` will be triggered after the Xwayland
output's RRCtrcPtr has been destroyed, hence causing a crash in Xwayland
while trying to use freed memory:
#1 abort ()
#2 OsAbort () at utils.c:1350
#3 AbortServer () at log.c:877
#4 FatalError () at log.c:1015
#5 OsSigHandler () at osinit.c:156
#6 <signal handler called>
#7 dixGetPrivate () at ../include/privates.h:122
#8 dixLookupPrivate () at ../include/privates.h:166
#9 present_screen_priv () at present_priv.h:198
#10 present_wnmd_flip () at present_wnmd.c:358
#11 present_wnmd_execute () at present_wnmd.c:466
#12 present_wnmd_re_execute () at present_wnmd.c:80
#13 xwl_present_sync_callback () at xwayland-present.c:287
#14 ffi_call_unix64 () from /lib64/libffi.so.6
#15 ffi_call () from /lib64/libffi.so.6
#16 wl_closure_invoke () at src/connection.c:1006
#17 dispatch_event () at src/wayland-client.c:1427
#18 dispatch_queue () at src/wayland-client.c:1573
#19 wl_display_dispatch_queue_pending () at src/wayland-client.c:1815
#20 wl_display_dispatch_pending () at src/wayland-client.c:1878
#21 xwl_read_events () at xwayland.c:814
#22 ospoll_wait () at ospoll.c:651
#23 WaitForSomething () at WaitFor.c:208
#24 Dispatch () at ../include/list.h:220
#25 dix_main () at main.c:276
To avoid the issue, get the `ScreenPtr` from the window instead of the
CRTC that might have been just freed, `xwl_present_flip()` has no use
for the CRTC anyway.
Bugzilla: https://bugs.freedesktop.org/108249
Suggested-by: Michel Daenzer <michel.daenzer at amd.com>
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
Reviewed-by: Michel Daenzer <michel.daenzer at amd.com>
Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
diff --git a/present/present_wnmd.c b/present/present_wnmd.c
index 8f3836440..2c6412a72 100644
--- a/present/present_wnmd.c
+++ b/present/present_wnmd.c
@@ -354,7 +354,7 @@ present_wnmd_flip(WindowPtr window,
Bool sync_flip,
RegionPtr damage)
{
- ScreenPtr screen = crtc->pScreen;
+ ScreenPtr screen = window->drawable.pScreen;
present_screen_priv_ptr screen_priv = present_screen_priv(screen);
return (*screen_priv->wnmd_info->flip) (window,
More information about the xorg-commit
mailing list