[Spice-devel] [PATCH xf86-qxl 05/27] fix two segfaults in qxl_free_surface
Marc-André Lureau
marcandre.lureau at gmail.com
Mon Jul 16 08:38:29 PDT 2012
From: Alon Levy <alevy at redhat.com>
Both result from ProcFreePixmap being called in unanticipated
circumstances:
 cache->all_surfaces is NULL
 surface->host_image is NULL

To reproduce, the following scripts work, in tandem:
 create xterms, destroy them
 chvt
============ xterm_test ============
import os
import subprocess
import time
import atexit

# env is os.environ itself, so the xterm children inherit DISPLAY
env = os.environ
env['DISPLAY'] = ':0.0'

xterms = []

def kill_all():
    print("killing xterms")
    for x in xterms:
        x.kill()
    del xterms[:]

atexit.register(kill_all)

# start ten xterms, wait a second, kill them all, repeat
while True:
    for i in range(10):
        xterms.append(subprocess.Popen(['xterm', '+u8']))
    time.sleep(1)
    kill_all()
============= chvt_test_helper ============
XPID=`pgrep Xorg`
XTTY=`find /proc/$XPID/fd -lname "/dev/tty*"`
XTTY=`readlink $XTTY`
XTTY=${XTTY#/dev/tty}
echo "chvt 1 (from Xorg)"
chvt 1
sleep 2
echo "chvt $XTTY (to Xorg)"
chvt $XTTY
============== chvt_test =================
while true; do ./chvt-test ; sleep 3; done
---
src/qxl_surface.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/qxl_surface.c b/src/qxl_surface.c
index e58a0d4..347503d 100644
--- a/src/qxl_surface.c
+++ b/src/qxl_surface.c
@@ -871,7 +871,12 @@ qxl_surface_kill (qxl_surface_t *surface)
unlink_surface (surface);
+ if (!surface->cache->all_surfaces) {
+ return;
+ }
+
if (surface->id != 0 &&
+ surface->host_image &&
pixman_image_get_width (surface->host_image) >= 128 &&
pixman_image_get_height (surface->host_image) >= 128)
{
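Review bot: The early return on `!surface->cache->all_surfaces` sits after `unlink_surface (surface)` and skips everything that follows in qxl_surface_kill, so a surface that takes this path is unlinked but gets none of the remaining teardown; please confirm that whatever comes after the size check (not visible in this hunk) is safe to skip, otherwise the segfault is traded for a leak. A short comment saying when all_surfaces can be NULL here would help the next reader (the commit message only says ProcFreePixmap is called in unanticipated circumstances), and the same goes for the new `surface->host_image &&` test. Style: the added `if` puts its brace on the same line and braces a single statement, while the existing condition just below puts `{` on its own line; matching the surrounding code would be `if (!surface->cache->all_surfaces)` followed by a bare `return;`.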
--
1.7.10.4