[Intel-gfx] [PATCH] i915: Fix NULL pointer dereference in vblank tasklet if a drawable has no rects.
Keith Packard
keithp at keithp.com
Fri Oct 17 23:54:53 CEST 2008
On Fri, 2008-10-17 at 11:47 -0700, Eric Anholt wrote:
> This could occur if you dragged a window over a window queued for swapping,
> and the server updated its cliprects to 0 before the swap occurred.
>
> Signed-off-by: Eric Anholt <eric at anholt.net>
> ---
> drivers/gpu/drm/i915/i915_irq.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
> index 8332c12..6d0ae92 100644
> --- a/drivers/gpu/drm/i915/i915_irq.c
> +++ b/drivers/gpu/drm/i915/i915_irq.c
> @@ -192,7 +192,8 @@ static void i915_vblank_tasklet(struct drm_device *dev)
> struct drm_drawable_info *drw_cmp =
> drm_get_drawable_info(dev, swap_cmp->drw_id);
>
> - if (drw_cmp &&
> + if (drw_cmp && drw_cmp->num_rects != 0 &&
> + drw->num_rects != 0 &&
> drw_cmp->rects[0].y1 > drw->rects[0].y1) {
> list_add_tail(list, hit);
> break;
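
Review bot: the added `drw->num_rects != 0` on the second `+` line dereferences `drw` with no NULL test, while `drw_cmp` is tested first in the same condition. Unless `drw` is already checked earlier in i915_vblank_tasklet (not visible in this hunk), put `drw &&` ahead of it. A one-line comment above the `if` noting that a drawable can reach the tasklet with zero cliprects would also document why the count is tested.
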
This is in the vblank rework patch I sent out last night, although I
merged it with the test for drw == NULL:

    /* Make sure both drawables are still
     * around and have some rectangles before
     * we look inside to order them for the
     * blts below.
     */
    if (drw_cmp && drw_cmp->num_rects > 0 &&
        drw && drw->num_rects > 0 &&
        drw_cmp->rects[0].y1 > drw->rects[0].y1) {
            list_add_tail(list, hit);
            break;
    }

Would you like me to split the vblank patch into pieces so we can see
these trivial bug fixes separated from the larger restructuring?
--
keith.packard at intel.com