[PATCH] Check for NULL pointer from pixman_image_create_bits()

Bryce Harrington bryce at canonical.com
Mon Feb 7 12:32:34 PST 2011


On Mon, Feb 07, 2011 at 11:15:24AM +0100, Soeren Sandmann wrote:
> Bryce Harrington <bryce at canonical.com> writes:
> 
> > pixman_image_create_bits() can return NULL under a variety of
> > circumstances.  If this happens, it will segfault when dereferenced in
> > pixman_image_set_accessors().
> > 
> > http://bugs.freedesktop.org/show_bug.cgi?id=28882
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596155
> > https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/705078
> > 
> > Signed-off-by: Bryce Harrington <bryce at canonical.com>
> > ---
> >  fb/fbpict.c |    3 ++-
> >  1 files changed, 2 insertions(+), 1 deletions(-)
> > 
> > diff --git a/fb/fbpict.c b/fb/fbpict.c
> > index 7636040..79b462b 100644
> > --- a/fb/fbpict.c
> > +++ b/fb/fbpict.c
> > @@ -163,7 +163,8 @@ create_bits_picture (PicturePtr pict,
> >  	pict->format,
> >  	pixmap->drawable.width, pixmap->drawable.height,
> >  	(uint32_t *)bits, stride * sizeof (FbStride));
> > -    
> > +    if (!image)
> > +        return NULL;
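Review bot: The new `if (!image) return NULL;` right after the pixman_image_create_bits() call fails silently, so the reason for the NULL is lost at the one place where the arguments are still in hand. I suggest logging pict->format, pixmap->drawable.width, pixmap->drawable.height and the computed stride before returning, which would also help track down the underlying cause. Separately, callers of create_bits_picture() now receive NULL on this path, so please confirm each of them checks the result; otherwise the dereference just moves one level up the call chain.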
> 
> This patch is correct, I believe, so
> 
> Reviewed-by: Soren Sandmann <ssp at redhat.com>
> 
> However, I don't think it fixes the underlying bug since it's very
> likely that pixman_image_create_bits() returned NULL because it was
> passed incorrect parameters.

I agree. I'm still debugging the problem, but it seemed clear this bit of
error checking was missing.  The other two bug reports probably have
different underlying causes, but they both also get hung up at this point
in the error handling logic, so it seems worth fixing in general.

Bryce


More information about the xorg-devel mailing list