[RFC PATCH xserver] xwayland: make sure client is not gone in sync callback
Olivier Fourdan
ofourdan at redhat.com
Mon Mar 6 14:32:26 UTC 2017
> in XWayland, dri3_send_open_reply() is called from a sync callback, so
> there is a possibility that the client might be gone when we get to the
> callback eventually, which leads to a crash in _XSERVTransSendFd() from
> WriteFdToClient() .
>
> Check if clientGone has been set in the sync callback handler to avoid
> this.
>
> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99149
> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1416553
> Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
> ---
> This seems to be a fairly rare occurence, but we do have bugs filed both
> upstream and downstream for this.
> I don't have any core file unfortunately so this is based solely on
> the addresses returned by the crash handler, thus the "RFC" on this
> patch...
>
> hw/xwayland/xwayland-glamor.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/hw/xwayland/xwayland-glamor.c b/hw/xwayland/xwayland-glamor.c
> index b3d0aab..65c3c00 100644
> --- a/hw/xwayland/xwayland-glamor.c
> +++ b/hw/xwayland/xwayland-glamor.c
> @@ -435,9 +435,12 @@ static void
> sync_callback(void *data, struct wl_callback *callback, uint32_t serial)
> {
> struct xwl_auth_state *state = data;
> + ClientPtr client = state->client;
>
> - dri3_send_open_reply(state->client, state->fd);
> - AttendClient(state->client);
> + if (!client->clientGone) {
> + dri3_send_open_reply(client, state->fd);
> + AttendClient(client);
> + }
> free(state);
> wl_callback_destroy(callback);
> }
> --
The fix has been succesfully tested in bug 100040
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=100040
Tested-by: Mark B <mark.blakeney at bullet-systems.net>
More information about the xorg-devel
mailing list