[Spice-devel] [PATCH xf86-video-qxl] Fix crash caused by attempting to access the screen pixmap before it is created

Hans de Goede hdegoede at redhat.com
Tue Oct 4 12:08:13 UTC 2016


qxl_resize_primary_to_virtual() was using pScrn->pScreen != NULL to check
whether createScreenResources had been called. But starting with xserver 1.19
pScrn->pScreen is non-NULL even before createScreenResources is called,
causing an invalid access to the screen pixmap in
qxl_resize_primary_to_virtual().

This commit fixes this.

BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1381045
Signed-off-by: Hans de Goede <hdegoede at redhat.com>
---
 src/qxl.h        | 1 +
 src/qxl_driver.c | 6 +++---
 src/qxl_kms.c    | 1 +
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/qxl.h b/src/qxl.h
index 5cc8d05..885048c 100644
--- a/src/qxl.h
+++ b/src/qxl.h
@@ -234,6 +234,7 @@ struct _qxl_screen_t
     struct qxl_ring *		cursor_ring;
     struct qxl_ring *		release_ring;
 
+    Bool                        screen_resources_created;
     int                         device_primary;
     struct qxl_bo *             primary_bo;
     int				num_modes;
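Review bot: The new `screen_resources_created` field carries no comment, so nothing at the declaration tells a reader who sets it or what it guards. A one-line comment would save the trip to the commit message: `Bool screen_resources_created; /* TRUE once CreateScreenResources has run; the screen pixmap is only valid after that */`. Whether the field starts out FALSE depends on how qxl_screen_t is allocated, which is outside this patch and worth confirming.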
diff --git a/src/qxl_driver.c b/src/qxl_driver.c
index fc1b629..8aecf3c 100644
--- a/src/qxl_driver.c
+++ b/src/qxl_driver.c
@@ -530,7 +530,6 @@ qxl_create_primary(qxl_screen_t *qxl)
 Bool
 qxl_resize_primary_to_virtual (qxl_screen_t *qxl)
 {
-    ScreenPtr pScreen;
     long new_surface0_size;
 
     if ((qxl->primary_mode.x_res == qxl->virtual_x &&
@@ -566,9 +565,9 @@ qxl_resize_primary_to_virtual (qxl_screen_t *qxl)
     qxl->primary = qxl_create_primary(qxl);
     qxl->bytes_per_pixel = (qxl->pScrn->bitsPerPixel + 7) / 8;
     
-    pScreen = qxl->pScrn->pScreen;
-    if (pScreen)
+    if (qxl->screen_resources_created)
     {
+        ScreenPtr pScreen = qxl->pScrn->pScreen;
 	PixmapPtr root = pScreen->GetScreenPixmap (pScreen);
 
         if (qxl->deferred_fps <= 0)
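Review bot: The new `if (qxl->screen_resources_created)` guard replaces a pointer test without recording why the pointer test was wrong, so a later reader could "simplify" it back to `if (pScreen)`. Put the reason from the commit message above the branch: `/* pScrn->pScreen is already set before CreateScreenResources on xserver >= 1.19, so test the flag, not the pointer, before touching the screen pixmap */`. The added `ScreenPtr pScreen` line is indented with spaces while the `PixmapPtr root` line right after it uses a tab; match the surrounding indentation. qxl_resize_primary_to_virtual starts and ends outside this hunk.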
@@ -645,6 +644,7 @@ qxl_create_screen_resources (ScreenPtr pScreen)
     qxl_create_desired_modes (qxl);
     qxl_update_edid (qxl);
     
+    qxl->screen_resources_created = TRUE;
     return TRUE;
 }
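Review bot: `qxl->screen_resources_created = TRUE;` is set here, and in the matching hunk of qxl_kms.c, but nothing in the patch ever clears it again. If qxl_screen_t outlives the screen — it appears to hang off pScrn->driverPrivate, which persists across a server reset — the flag stays TRUE after CloseScreen has torn the screen pixmap down, and a qxl_resize_primary_to_virtual() call before CreateScreenResources runs again would dereference a freed pixmap, the same class of crash this patch fixes. Reset it in the driver's CloseScreen path, `qxl->screen_resources_created = FALSE;`, next to wherever the screen pixmap is released, for both the non-KMS and KMS paths. qxl_create_screen_resources begins outside this hunk.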
 
diff --git a/src/qxl_kms.c b/src/qxl_kms.c
index fe37af0..d11b20e 100644
--- a/src/qxl_kms.c
+++ b/src/qxl_kms.c
@@ -235,6 +235,7 @@ qxl_create_screen_resources_kms(ScreenPtr pScreen)
     if (!uxa_resources_init (pScreen))
 	return FALSE;
     
+    qxl->screen_resources_created = TRUE;
     return TRUE;
 }
 
-- 
2.9.3


