[PATCH xserver] ramdac: Check ScreenPriv != NULL in xf86ScreenSetCursor()
Alex Goins
agoins at nvidia.com
Wed Oct 25 01:39:13 UTC 2017
Similar to change cba5a10f, xf86ScreenSetCursor() would dereference ScreenPriv
without NULL checking it. If Option "SWCursor" is specified, ScreenPriv == NULL.

Without this fix, it is observed that setting Option "SWCursor" "on" on the
modesetting driver in a PRIME configuration will segfault the server.

It is important to return success rather than failure in the instance that
ScreenPriv == NULL and pCurs == NullCursor, because otherwise xf86SetCursor()
can fall into infinite recursion: xf86SetCursor(pCurs) calls
xf86ScreenSetCursor(pCurs), and if FALSE, calls xf86SetCursor(NullCursor). If
xf86ScreenSetCursor(NullCursor) returns FALSE, it calls
xf86SetCursor(NullCursor) again and this repeats forever.
Signed-off-by: Alex Goins <agoins at nvidia.com>
---
hw/xfree86/ramdac/xf86HWCurs.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/hw/xfree86/ramdac/xf86HWCurs.c b/hw/xfree86/ramdac/xf86HWCurs.c
index 2e4c9e5..366837c 100644
--- a/hw/xfree86/ramdac/xf86HWCurs.c
+++ b/hw/xfree86/ramdac/xf86HWCurs.c
@@ -181,9 +181,16 @@ xf86ScreenSetCursor(ScreenPtr pScreen, CursorPtr pCurs, int x, int y)
xf86CursorScreenPtr ScreenPriv =
(xf86CursorScreenPtr) dixLookupPrivate(&pScreen->devPrivates,
xf86CursorScreenKey);
- xf86CursorInfoPtr infoPtr = ScreenPriv->CursorInfoPtr;
+
+ xf86CursorInfoPtr infoPtr;
unsigned char *bits;
+ if (!ScreenPriv) { /* NULL if Option "SWCursor" */
+ return (pCurs == NullCursor);
+ }
+
+ infoPtr = ScreenPriv->CursorInfoPtr;
+
if (pCurs == NullCursor) {
(*infoPtr->HideCursor) (infoPtr->pScrn);
return TRUE;
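Review bot: the comment on the new `if (!ScreenPriv)` check says only when ScreenPriv is NULL, not why the function returns `(pCurs == NullCursor)` rather than a plain FALSE. That return value is what stops xf86SetCursor() from recursing forever on NullCursor, and the reasoning currently lives only in the commit message, so a later cleanup could simplify it to `return FALSE;` and reintroduce the hang. Please extend the comment to say that TRUE must be returned for NullCursor so the caller's fallback to xf86SetCursor(NullCursor) terminates. Minor style point: the added blank line splits the ScreenPriv and infoPtr declarations, while `unsigned char *bits;` runs straight into the `if`; moving the blank line to after `bits` would keep the declarations together.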
--
2.7.4