xserver: Branch 'master'

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Thu Oct 25 15:34:54 UTC 2018 

 hw/xwayland/xwayland-glamor-gbm.c |    6 ++++++
 1 file changed, 6 insertions(+)

New commits:
commit 036794bebce72a3fa2f95996d2e537ff568e0ff1
Author: Olivier Fourdan <ofourdan at redhat.com>
Date:   Fri Oct 19 16:04:32 2018 +0200

    xwayland: do not crash if `gbm_bo_create()` fails
    
    The function `xwl_glamor_gbm_create_pixmap()` first creates a buffer
    objects and then creates the xwl_pixmap from it.
    
    However, `xwl_glamor_gbm_create_pixmap_for_bo()` is not called if the
    buffer object creation fails, and `xwl_glamor_gbm_create_pixmap()`
    simply returns `glamor_create_pixmap()`.
    
    The problem with this is that if `xwl_glamor_gbm_create_pixmap_for_bo()`
    is not called then neither is `xwl_pixmap_set_private()` and further
    calls to `xwl_pixmap_get()` will return NULL and cause a NULL pointer
    dereference if the return value is not checked:
    
      #0  xwl_glamor_gbm_get_wl_buffer_for_pixmap ()
          at hw/xwayland/xwayland-glamor-gbm.c:248
      #1  xwl_window_post_damage () at hw/xwayland/xwayland.c:697
      #2  xwl_display_post_damage () at hw/xwayland/xwayland.c:759
      #3  block_handler () at hw/xwayland/xwayland.c:890
      #4  BlockHandler () at dix/dixutils.c:388
      #5  WaitForSomething () at os/WaitFor.c:201
      #6  Dispatch () at dix/dispatch.c:421
      #7  dix_main () at dix/main.c:276
      #8  __libc_start_main () at ../csu/libc-start.c:308
      #9  _start ()
    
      (gdb) print xwl_pixmap
      $1 = (struct xwl_pixmap *) 0x0
    
    Make sure we check for `xwl_pixmap_get()` returned value where relevant
    and fail gracefully if this is the case.
    
    See also: https://gitlab.gnome.org/GNOME/mutter/issues/340
    
    Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
    Reviewed-by: Marco Trevisan <mail at 3v1n0.net>
    Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>

diff --git a/hw/xwayland/xwayland-glamor-gbm.c b/hw/xwayland/xwayland-glamor-gbm.c
index 2eb069d01..a211e0915 100644
--- a/hw/xwayland/xwayland-glamor-gbm.c
+++ b/hw/xwayland/xwayland-glamor-gbm.c
@@ -260,6 +260,9 @@ xwl_glamor_gbm_get_wl_buffer_for_pixmap(PixmapPtr pixmap,
     uint64_t modifier;
     int i;
 
+    if (xwl_pixmap == NULL)
+       return NULL;
+
     if (xwl_pixmap->buffer) {
         /* Buffer already exists. Return it and inform caller if interested. */
         if (created)
@@ -510,6 +513,9 @@ glamor_egl_fds_from_pixmap(ScreenPtr screen, PixmapPtr pixmap, int *fds,
 
     xwl_pixmap = xwl_pixmap_get(pixmap);
 
+    if (xwl_pixmap == NULL)
+       return 0;
+
     if (!xwl_pixmap->bo)
        return 0;

More information about the xorg-commit mailing list