[PATCH xserver 1/2] glamor: Check for NULL pixmap in glamor_get_pixmap_texture()
Olivier Fourdan
ofourdan at redhat.com
Tue Mar 14 14:22:31 UTC 2017
glamor_create_pixmap() would return a NullPixmap if the given size is
larger than the maximum size of a pixmap.
But glamor_get_pixmap_texture() won't check if the given pixmap is
non-null, leading to a segfault if glamor_create_pixmap() failed.
This can be reproduced by passing Xephyr a very large screen width,
e.g.:
$ Xephyr -glamor -screen 32768x1024 :10
(EE)
(EE) Backtrace:
(EE) 0: Xephyr (OsSigHandler+0x29)
(EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0)
(EE) 2: Xephyr (glamor_get_pixmap_texture+0x30)
(EE) 3: Xephyr (ephyr_glamor_create_screen_resources+0xc6)
(EE) 4: Xephyr (ephyrCreateResources+0x98)
(EE) 5: Xephyr (dix_main+0x275)
(EE) 6: /lib64/libc.so.6 (__libc_start_main+0xf1)
(EE) 7: Xephyr (_start+0x2a)
(EE) 8: ? (?+0x2a) [0x2a]
(EE)
(EE) Segmentation fault at address 0x0
(EE)
Fatal server error:
(EE) Caught signal 11 (Segmentation fault). Server aborting
(EE)
Aborted (core dumped)
Bugzilla: https://bugzilla.redhat.com/1431633
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
---
glamor/glamor.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/glamor/glamor.c b/glamor/glamor.c
index c54cf3b..2467443 100644
--- a/glamor/glamor.c
+++ b/glamor/glamor.c
@@ -133,6 +133,9 @@ glamor_get_pixmap_texture(PixmapPtr pixmap)
{
glamor_pixmap_private *pixmap_priv = glamor_get_pixmap_private(pixmap);
+ if (!pixmap_priv)
+ return 0;
+
if (pixmap_priv->type != GLAMOR_TEXTURE_ONLY)
return 0;
--
2.9.3
More information about the xorg-devel
mailing list