[Mesa-dev] [PATCH] egl: Fix crashes in eglCreate*Surface()

[Emil Velikov]

On 14 December 2016 at 20:01, Chad Versace <chadversary at chromium.org> wrote:
> On Wed 14 Dec 2016, Emil Velikov wrote:
>> On 13 December 2016 at 22:40, Chad Versace <chadversary at chromium.org> wrote:
>> > Don't dereference a null EGLDisplay.
>> >
>> > Fixes tests
>> >   dEQP-EGL.functional.negative_api.create_pbuffer_surface
>> >   dEQP-EGL.functional.negative_api.create_pixmap_surface
>> >
>> > Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=99038
>> > ---
>> >  src/egl/main/eglapi.c | 4 ++--
>> >  1 file changed, 2 insertions(+), 2 deletions(-)
>> >
>> > diff --git a/src/egl/main/eglapi.c b/src/egl/main/eglapi.c
>> > index 33d562042f..a349992c46 100644
>> > --- a/src/egl/main/eglapi.c
>> > +++ b/src/egl/main/eglapi.c
>> > @@ -856,7 +856,7 @@ _eglCreateWindowSurfaceCommon(_EGLDisplay *disp, EGLConfig config,
>> >        RETURN_EGL_ERROR(disp, EGL_BAD_NATIVE_WINDOW, EGL_NO_SURFACE);
>> >
>> >  #ifdef HAVE_SURFACELESS_PLATFORM
>> > -   if (disp->Platform == _EGL_PLATFORM_SURFACELESS) {
>> > +   if (disp && disp->Platform == _EGL_PLATFORM_SURFACELESS) {
>> >        /* From the EGL_MESA_platform_surfaceless spec (v1):
>> >         *
>> >         *    eglCreatePlatformWindowSurface fails when called with a <display>
>> > @@ -977,7 +977,7 @@ _eglCreatePixmapSurfaceCommon(_EGLDisplay *disp, EGLConfig config,
>> >     EGLSurface ret;
>> >
>> >  #if HAVE_SURFACELESS_PLATFORM
>> > -   if (disp->Platform == _EGL_PLATFORM_SURFACELESS) {
>> > +   if (disp && disp->Platform == _EGL_PLATFORM_SURFACELESS) {
>
>> Afaict we want to return EGL_FALSE + EGL_BAD_DISPLAY, right ?
>
> We do want to emit EGL_BAD_DISPLAY. And the code will do that if disp is
> null. Below my hunks is a call to _EGL_CHECK_CONFIG(disp, ...), which
> emits EGL_BAD_DISPLAY in that case.
>
You're spot on. I wasn't expecting _eglCheckConfig to call _eglCheckDisplay.
Pardon for the noise.

Reviewed-by: Emil Velikov <emil.velikov at collabora.com>

-Emil