[patch 2/2] fix segfault in VidModeGetCurrentModeline

Hong Liu hong.liu at intel.com
Tue Apr 22 01:41:40 PDT 2008


pScrn->currentMode may point to NULL, which causes an X server crash when
using the xfree86 VidMode extension calls.

This bug happens when you start the X server with two outputs active
(e.g. VGA and TMDS-1, compat_output is VGA). Then you unplug the monitor
on the VGA output and execute xrandr to get the correct output status.
At this time, compat_output is still VGA with probed_modes == NULL.
Because pScrn->currentMode is updated from the compat_output's
probed_modes, this will cause a segfault in VidMode extension calls.

Thanks,
Hong

diff --git a/hw/xfree86/common/xf86VidMode.c b/hw/xfree86/common/xf86VidMode.c
index 38d605c..f0970d0 100644
--- a/hw/xfree86/common/xf86VidMode.c
+++ b/hw/xfree86/common/xf86VidMode.c
@@ -150,10 +150,12 @@ VidModeGetCurrentModeline(int scrnIndex, pointer *mode, int *dotClock)
 	return FALSE;
 
     pScrn = xf86Screens[scrnIndex];
-    *mode = (pointer)(pScrn->currentMode);
-    *dotClock = pScrn->currentMode->Clock;
-
-    return TRUE;
+    if (pScrn->currentMode) {
+	*mode = (pointer)(pScrn->currentMode);
+	*dotClock = pScrn->currentMode->Clock;
+	return TRUE;
+    }
+    return FALSE;
 }
 
 _X_EXPORT int
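Review bot: The new "return FALSE;" path at the end of VidModeGetCurrentModeline leaves *mode and *dotClock unwritten, so any caller that ignores the return value will now read uninitialized outputs instead of crashing here. Please confirm that every caller checks the result, or set *mode = NULL and *dotClock = 0 before returning FALSE. As a style point, an early "if (!pScrn->currentMode) return FALSE;" would match the guard just above it and keep the success path unindented.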
diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c
index 8c2b247..e3a9066 100644
--- a/hw/xfree86/modes/xf86Crtc.c
+++ b/hw/xfree86/modes/xf86Crtc.c
@@ -1554,13 +1554,13 @@ xf86SetScrnInfoModes (ScrnInfoPtr scrn)
     DisplayModePtr	last, mode;
 
     output = config->output[config->compat_output];
-    if (!output->crtc)
+    if (!output->crtc || !output->probed_modes)
     {
 	int o;
 
 	output = NULL;
 	for (o = 0; o < config->num_output; o++)
-	    if (config->output[o]->crtc)
+	    if (config->output[o]->crtc && config->output[o]->probed_modes)
 	    {
 		config->compat_output = o;
 		output = config->output[o];
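Review bot: With the stricter test "config->output[o]->crtc && config->output[o]->probed_modes" in the fallback loop, output stays NULL whenever no output has both a crtc and probed modes (for example when every monitor is unplugged), and the code that follows the loop is not visible in this hunk. Please confirm that path handles output == NULL and leaves scrn->currentMode in a state that the NULL check added in xf86VidMode.c catches. The same two-part condition now appears twice, so a small helper or a comment explaining why an output without probed_modes cannot serve as compat_output would help the next reader.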




