modesetting: Fix ms_covering_crtc() segfault with non-xf86Crtc slave
DIX ScreenRecs don't necessarily have an xf86CrtcConfigPtr DDX private. ms_covering_crtc() assumes that they do, which can result in a segfault. Update ms_covering_crtc() to check the XF86_CRTC_CONFIG_PTR() returned pointer before dereferencing it. This will still mean that ms_covering_crtc() can't fall back to the primary output when a drawable overlaps a slave output (going to the 1 FPS default instead), but it won't segfault. Signed-off-by: Alex Goins <>
diff --git a/hw/xfree86/drivers/modesetting/vblank.c b/hw/xfree86/drivers/modesetting/vblank.c
index b38e5d4ec..65db1842a 100644
--- a/hw/xfree86/drivers/modesetting/vblank.c
+++ b/hw/xfree86/drivers/modesetting/vblank.c
@@ -141,6 +141,10 @@ ms_covering_crtc(ScreenPtr pScreen, BoxPtr box, Bool screen_is_ms)
best_crtc = NULL;
best_coverage = 0;
+ if (!xf86_config)
+ return NULL;
for (c = 0; c < xf86_config->num_crtc; c++) {
crtc = xf86_config->crtc[c];