[PATCH] dix: Clear any existing selections before initializing privates
Adam Jackson
ajax at nwnk.net
Mon Feb 3 22:16:54 CET 2014
On Mon, 2013-12-30 at 09:15 -0600, Andrew Eikum wrote:
> If there is a selection left over from a previous execution of the
> main loop, and that selection has privates allocated for it, the X
> server will crash. This is because dixResetPrivates() resets the
> privates refcounts to zero without accounting for the reference held
> by the selection object. When the selection is then deleted in
> InitSelections() after the call to dixResetPrivates(), the refcount
> for its privates type goes negative and bad things happen.
>
> To fix this, we should delete any existing selections before calling
> dixResetPrivates(). This will properly release the selection's
> privates and avoid the crash.
>
> A more thorough description of the problem and a test case to
> reproduce the crash is available at a previous mail:
> "Negative Selection devPrivates refcount?"
> By Andrew Eikum to xorg-devel on 10 Dec 2013
> http://lists.freedesktop.org/archives/xorg-devel/2013-December/039492.html
Reviewed-by: Adam Jackson <ajax at redhat.com>
- ajax
More information about the xorg-devel
mailing list