[PATCH RFC xserver 0/2] glamor pixmap FBO array can be NULL
Olivier Fourdan
ofourdan at redhat.com
Tue Mar 14 13:58:25 UTC 2017
Hi,
Downstream bugzilla https://bugzilla.redhat.com/1417575 relates to a
crash in glamor:
https://bugzilla.redhat.com/attachment.cgi?id=1245820
While this is clearly a client bug, I reckon the Xserver should not
crash.
It appears that glamor_create_fbo_array() can fail to allocate the FBO
array, but then we always assume that the FBO returned by further calls
to glamor_pixmap_fbo_at() is not NULL.
To avoid the issue, check for the value returned by glamor_pixmap_fbo_at()
and return early without crashing when NULL, and change the API of
glamor_set_destination_drawable() to return a boolean, that will be FALSE
if the FBO is NULL so that we can check for the that calue and use a
fallback code path when this occurs.
There are some cases where we don't have a fallback code path, in which
case we'll avoid the crash in glamor_set_destination_drawable() but won't
render properly, but this is a rare occurence and not rendering properly
is still better than crashing the X server and the user losing his/her
entire session...
Note, I tried but failed to come up with a simple reproducer client for
this bug, thus the RFC status of the following patches...
Cheers,
Olivier
Olivier Fourdan (2):
glamor: glamor_set_destination_drawable() can fail
glamor: Check glamor_set_destination_drawable() return value
glamor/glamor_copy.c | 17 ++++++++++-------
glamor/glamor_glyphblt.c | 26 ++++++++++++++++----------
glamor/glamor_lines.c | 13 ++++++++-----
glamor/glamor_points.c | 14 ++++++++------
glamor/glamor_rects.c | 16 +++++++++++-----
glamor/glamor_segs.c | 14 ++++++++------
glamor/glamor_spans.c | 13 ++++++++-----
glamor/glamor_transform.c | 11 +++++++++--
glamor/glamor_transform.h | 2 +-
9 files changed, 79 insertions(+), 47 deletions(-)
--
2.9.3
More information about the xorg-devel
mailing list