diff options
| author | Olivier Fourdan <ofourdan@redhat.com> | 2018-10-19 16:04:32 +0200 |
|---|---|---|
| committer | Olivier Fourdan <ofourdan@redhat.com> | 2019-01-09 15:26:33 +0100 |
| commit | cf8e064ec0bed45b8cda9ae390c7af78d8ede50f (patch) | |
| tree | bf858158c9d21d723e2ea1ab03c693b75fa20cc0 | |
| parent | f89518e17f7d507734af212785e0b3e47954f603 (diff) | |
xwayland: do not crash if `gbm_bo_create()` fails
The function `xwl_glamor_gbm_create_pixmap()` first creates a buffer
objects and then creates the xwl_pixmap from it.
However, `xwl_glamor_gbm_create_pixmap_for_bo()` is not called if the
buffer object creation fails, and `xwl_glamor_gbm_create_pixmap()`
simply returns `glamor_create_pixmap()`.
The problem with this is that if `xwl_glamor_gbm_create_pixmap_for_bo()`
is not called then neither is `xwl_pixmap_set_private()` and further
calls to `xwl_pixmap_get()` will return NULL and cause a NULL pointer
dereference if the return value is not checked:
#0 xwl_glamor_gbm_get_wl_buffer_for_pixmap ()
at hw/xwayland/xwayland-glamor-gbm.c:248
#1 xwl_window_post_damage () at hw/xwayland/xwayland.c:697
#2 xwl_display_post_damage () at hw/xwayland/xwayland.c:759
#3 block_handler () at hw/xwayland/xwayland.c:890
#4 BlockHandler () at dix/dixutils.c:388
#5 WaitForSomething () at os/WaitFor.c:201
#6 Dispatch () at dix/dispatch.c:421
#7 dix_main () at dix/main.c:276
#8 __libc_start_main () at ../csu/libc-start.c:308
#9 _start ()
(gdb) print xwl_pixmap
$1 = (struct xwl_pixmap *) 0x0
Make sure we check for `xwl_pixmap_get()` returned value where relevant
and fail gracefully if this is the case.
See also: https://gitlab.gnome.org/GNOME/mutter/issues/340
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Marco Trevisan <mail@3v1n0.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 036794bebce72a3fa2f95996d2e537ff568e0ff1)
| -rw-r--r-- | hw/xwayland/xwayland-glamor-gbm.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/hw/xwayland/xwayland-glamor-gbm.c b/hw/xwayland/xwayland-glamor-gbm.c index 6aa1e4641..5f8a68fd8 100644 --- a/hw/xwayland/xwayland-glamor-gbm.c +++ b/hw/xwayland/xwayland-glamor-gbm.c @@ -244,6 +244,9 @@ xwl_glamor_gbm_get_wl_buffer_for_pixmap(PixmapPtr pixmap, uint64_t modifier; int i; + if (xwl_pixmap == NULL) + return NULL; + if (xwl_pixmap->buffer) { /* Buffer already exists. Return it and inform caller if interested. */ if (created) @@ -494,6 +497,9 @@ glamor_egl_fds_from_pixmap(ScreenPtr screen, PixmapPtr pixmap, int *fds, xwl_pixmap = xwl_pixmap_get(pixmap); + if (xwl_pixmap == NULL) + return 0; + if (!xwl_pixmap->bo) return 0; |