xfree86: Strip dangling pointers from desiredMode

Based on the original patch by Chris Wilson, which was a better fix than mine. We stash a copy of the desiredMode on the crtc so that we can restore it after a vt switch. This copy is a simple memcpy and so also stashes a references to the pointers contained within the desiredMode. Those pointers are freed the next time the outputs are probed and mode list rebuilt, resulting in us chasing those dangling pointers on the next mode switch. ==22787== Invalid read of size 1 ==22787== at 0x40293C2: __GI_strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==22787== by 0x668F875: strdup (strdup.c:42) ==22787== by 0x5DBA00: XNFstrdup (utils.c:1124) ==22787== by 0x4D72ED: xf86DuplicateMode (xf86Modes.c:209) ==22787== by 0x4CA848: xf86CrtcSetModeTransform (xf86Crtc.c:276) ==22787== by 0x4D05B4: xf86SetDesiredModes (xf86Crtc.c:2677) ==22787== by 0xA7479D0: sna_create_screen_resources (sna_driver.c:220) ==22787== by 0x4CB914: xf86CrtcCreateScreenResources (xf86Crtc.c:725) ==22787== by 0x425498: main (main.c:216) ==22787== Address 0x72c60e0 is 0 bytes inside a block of size 9 free'd ==22787== at 0x4027AAE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==22787== by 0x4A547E: xf86DeleteMode (xf86Mode.c:1984) ==22787== by 0x4CD84F: xf86ProbeOutputModes (xf86Crtc.c:1578) ==22787== by 0x4DC405: xf86RandR12GetInfo12 (xf86RandR12.c:1537) ==22787== by 0x518119: RRGetInfo (rrinfo.c:202) ==22787== by 0x51D997: rrGetScreenResources (rrscreen.c:335) ==22787== by 0x51E0D0: ProcRRGetScreenResources (rrscreen.c:475) ==22787== by 0x513852: ProcRRDispatch (randr.c:493) ==22787== by 0x4346DB: Dispatch (dispatch.c:439) ==22787== by 0x4256E4: main (main.c:287) Signed-off-by: Maarten Lankhorst <maarten.lankhorst@canonical.com> Reported-by: Zdenek Kabelac <zdenek.kabelac@gmail.com> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=36108 Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk> Signed-off-by: Keith Packard <keithp@keithp.com>
author: Maarten Lankhorst <maarten.lankhorst@canonical.com> 2012-07-11 16:27:46 +0200
committer: Keith Packard <keithp@keithp.com> 2012-07-11 15:55:22 -0700
commit: deb08658e2a6b1647a7213a316c6f3019bcdce48 (patch)
tree: e88acb1ca9a12bed2b58143ab8e0facc09c74a00 /hw/xfree86/modes/xf86Modes.c
parent: 59c2c4f645b4d782599c274f4bc752de9623d308 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/hw/xfree86/modes/xf86Modes.c b/hw/xfree86/modes/xf86Modes.c
index 2a6d26756..c4a3eb0a3 100644
--- a/hw/xfree86/modes/xf86Modes.c
+++ b/hw/xfree86/modes/xf86Modes.c
@@ -191,6 +191,21 @@ xf86SetModeCrtc(DisplayModePtr p, int adjustFlags)
 }
 
 /**
+ * Fills in a copy of mode, removing all stale pointer references.
+ * xf86ModesEqual will return true when comparing with original mode.
+ */
+void
+xf86SaveModeContents(DisplayModePtr intern, const DisplayModeRec *mode)
+{
+    *intern = *mode;
+    intern->prev = intern->next = NULL;
+    intern->name = NULL;
+    intern->PrivSize = 0;
+    intern->PrivFlags = 0;
+    intern->Private = NULL;
+}
+
+/**
  * Allocates and returns a copy of pMode, including pointers within pMode.
  */
 DisplayModePtr
author	Maarten Lankhorst <maarten.lankhorst@canonical.com>	2012-07-11 16:27:46 +0200
committer	Keith Packard <keithp@keithp.com>	2012-07-11 15:55:22 -0700
commit	deb08658e2a6b1647a7213a316c6f3019bcdce48 (patch)
tree	e88acb1ca9a12bed2b58143ab8e0facc09c74a00 /hw/xfree86/modes/xf86Modes.c
parent	59c2c4f645b4d782599c274f4bc752de9623d308 (diff)