[PATCH v2] present: fix freed pointer access

Roman Gilg subdiff at gmail.com
Tue Sep 4 15:27:44 UTC 2018


Ok, I just got a failing assert in xwl_present_flips_stop with the patch
when opening a context menu in Steam. Seems the xwl_present_flips_stop call
is coming in too late now after the presenting window has already been
changed.

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007f9f5a5f1801 in __GI_abort () at abort.c:79
#2  0x0000564a52bda52a in OsAbort () at ../../src/xserver/os/utils.c:1350
#3  0x0000564a52bdf733 in AbortServer () at ../../src/xserver/os/log.c:877
#4  0x0000564a52be0555 in FatalError (f=f@entry=0x564a52c21c70 "Caught signal %d (%s). Server aborting\n") at ../../src/xserver/os/log.c:1015
#5  0x0000564a52bd7613 in OsSigHandler (signo=6, sip=<optimized out>, unused=<optimized out>) at ../../src/xserver/os/osinit.c:156
#6  <signal handler called>
#7  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#8  0x00007f9f5a5f1801 in __GI_abort () at abort.c:79
#9  0x00007f9f5a5e139a in __assert_fail_base (fmt=0x7f9f5a7687d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x564a52c0d9e0 "xwl_window->present_window == window", file=file@entry=0x564a52c0d9a8 "../../src/xserver/hw/xwayland/xwayland-present.c", line=line@entry=516, function=function@entry=0x564a52c0da20 <__PRETTY_FUNCTION__.25179> "xwl_present_flips_stop") at assert.c:92
#10 0x00007f9f5a5e1412 in __GI___assert_fail (assertion=assertion@entry=0x564a52c0d9e0 "xwl_window->present_window == window", file=file@entry=0x564a52c0d9a8 "../../src/xserver/hw/xwayland/xwayland-present.c", line=line@entry=516, function=function@entry=0x564a52c0da20 <__PRETTY_FUNCTION__.25179> "xwl_present_flips_stop") at assert.c:101
#11 0x0000564a52aa817b in xwl_present_flips_stop (window=0x564a544fda10) at ../../src/xserver/hw/xwayland/xwayland-present.c:516
#12 0x0000564a52b65968 in present_wnmd_flips_stop (window=<optimized out>) at ../../src/xserver/present/present_wnmd.c:159
#13 0x0000564a52b65bc5 in present_wnmd_check_flip_window (window=0x564a544fda10) at ../../src/xserver/present/present_wnmd.c:332
#14 0x0000564a52b642af in present_clip_notify (window=0x564a544fda10, dx=896, dy=471) at ../../src/xserver/present/present_screen.c:203
#15 0x0000564a52b3a422 in compClipNotify (pWin=0x564a544fda10, dx=896, dy=471) at ../../src/xserver/composite/compwindow.c:317
#16 0x0000564a52ae950a in miComputeClips (pParent=pParent@entry=0x564a544fda10, pScreen=pScreen@entry=0x564a53de3970, universe=universe@entry=0x7fff351d9cb0, kind=kind@entry=VTOther, exposed=exposed@entry=0x7fff351d9e30) at ../../src/xserver/mi/mivaltree.c:478
#17 0x0000564a52ae9833 in miComputeClips (pParent=pParent@entry=0x564a54868030, pScreen=pScreen@entry=0x564a53de3970, universe=universe@entry=0x7fff351d9d60, kind=kind@entry=VTOther, exposed=exposed@entry=0x7fff351d9e30) at ../../src/xserver/mi/mivaltree.c:428
#18 0x0000564a52ae9833 in miComputeClips (pParent=pParent@entry=0x564a54867ea0, pScreen=pScreen@entry=0x564a53de3970, universe=universe@entry=0x7fff351d9e10, kind=kind@entry=VTOther, exposed=exposed@entry=0x7fff351d9e30) at ../../src/xserver/mi/mivaltree.c:428
#19 0x0000564a52ae9ab3 in miValidateTree (pParent=0x564a53fb0570, pChild=0x564a54867ea0, kind=<optimized out>) at ../../src/xserver/mi/mivaltree.c:681
#20 0x0000564a52af08a1 in miResizeWindow (pWin=0x564a54867ea0, x=896, y=471, w=<optimized out>, h=<optimized out>, pSib=0x0) at ../../src/xserver/mi/miwindow.c:467
#21 0x0000564a52b3aaaa in compResizeWindow (pWin=0x564a54867ea0, x=<optimized out>, y=<optimized out>, w=<optimized out>, h=<optimized out>, pSib=<optimized out>) at ../../src/xserver/composite/compwindow.c:407
#22 0x0000564a52b31144 in ConfigureWindow (pWin=<optimized out>, mask=<optimized out>, vlist=vlist@entry=0x564a5420c620, client=client@entry=0x564a542020c0) at ../../src/xserver/dix/window.c:2422
#23 0x0000564a52b00469 in ProcConfigureWindow (client=0x564a542020c0) at ../../src/xserver/dix/dispatch.c:916
#24 0x0000564a52b06178 in Dispatch () at ../../src/xserver/dix/dispatch.c:478
#25 0x0000564a52b0a178 in dix_main (argc=6, argv=0x7fff351da2a8, envp=<optimized out>) at ../../src/xserver/dix/main.c:276
#26 0x00007f9f5a5d2b97 in __libc_start_main (main=0x564a52a9cf30 <main>, argc=6, argv=0x7fff351da2a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff351da298) at ../csu/libc-start.c:310
#27 0x0000564a52a9cf6a in _start ()