[PATCH xserver] xwayland: avoid a crash with empty window pixmaps

Adam Jackson ajax at nwnk.net
Tue Jan 23 17:41:55 UTC 2018


On Tue, 2018-01-23 at 10:15 +0000, Daniel Stone wrote:

> Ooh. serialNumber == 1 means it's the root pixmap, which will actually
> be uselessly empty. It would be interesting to see how we've ended up
> here: it would have to be a top-level window which a) was manually
> redirected by the WM when it was created, b) had damage posted on it,
> and c) was unredirected (in that order). I can't think of how that
> would happen;

Map / draw / unmap without hitting BlockHandler? I think
xwl_unrealize_window() might be broken for that case:

    /* ... */
    wl_surface_destroy(xwl_window->surface);
    if (RegionNotEmpty(DamageRegion(xwl_window->damage)))
        xorg_list_del(&xwl_window->link_damage);
    DamageUnregister(xwl_window->damage);
    DamageDestroy(xwl_window->damage);
    /* ... */

If (for whatever reason) the damage region wasn't empty, we'd never
unlink this window from the dirty list. Should probably just unlink it
unconditionally. If this is indeed what's happening, then the window
being updated in xwl_window_post_damage() would have ->mapped = 0, and
would be not the root window itself.

- ajax 


More information about the xorg-devel mailing list