[PATCH] Fix crash when all glyphs of a given depth are freed, but not all glyphsets

Peter Harris pharris at opentext.com
Tue Mar 23 09:08:19 PDT 2010


This is how the crash can be triggered with only two clients on the system:
Client A: (already running)
Client B: Connect
Client B: CreateGlyphSet(depthN)
Client A: Disconnect
Server: free globalGlyphs(depthN)
Client B: AddGlyphs(depthN)
Server: SEGV

This crash was introduced with the FindGlyphsByHash function
in 516b96387b0e57b524a37a96da22dbeeeb041712. Before that revision,
ResizeGlyphSet was always called before FindGlyphRef, which would
re-create globalGlyphs(depthN) if necessary.

X.Org Bug 20718 <http://bugs.freedesktop.org/show_bug.cgi?id=20718>

Reviewed-by: Adam Jackson <ajax at redhat.com>
Signed-off-by: Peter Harris <pharris at opentext.com>
---

Keith,
 Please apply directly. I haven't set up a tree that can be pulled
from yet.

 render/glyph.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/render/glyph.c b/render/glyph.c
index 0b864ad..f0f3b19 100644
--- a/render/glyph.c
+++ b/render/glyph.c
@@ -217,6 +217,9 @@ FindGlyphByHash (unsigned char sha1[20], int format)
     GlyphRefPtr gr;
     CARD32 signature = *(CARD32 *) sha1;
 
+    if (!globalGlyphs[format].hashSet)
+	return NULL;
+
     gr = FindGlyphRef (&globalGlyphs[format],
 		       signature, TRUE, sha1);
 
-- 
1.7.0.2



More information about the xorg-devel mailing list