[Spice-devel] [PATCH xf86-video-qxl] Fix crash caused by attempting to access the screen pixmap before it is created
Hans de Goede
hdegoede at redhat.com
Tue Oct 4 12:08:13 UTC 2016
qxl_resize_primary_to_virtual() was using pScrn->pScreen != NULL to check
if createScreenResources has been called. But starting with xserver 1.19
pScrn->pScreen is non-NULL even before createScreenResources is called,
causing an invalid access to the screenPixmap in
qxl_resize_primary_to_virtual().
This commit fixes this.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1381045
Signed-off-by: Hans de Goede <hdegoede at redhat.com>
---
src/qxl.h | 1 +
src/qxl_driver.c | 6 +++---
src/qxl_kms.c | 1 +
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/qxl.h b/src/qxl.h
index 5cc8d05..885048c 100644
--- a/src/qxl.h
+++ b/src/qxl.h
@@ -234,6 +234,7 @@ struct _qxl_screen_t
struct qxl_ring * cursor_ring;
struct qxl_ring * release_ring;
+ Bool screen_resources_created;
int device_primary;
struct qxl_bo * primary_bo;
int num_modes;
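Review bot: `screen_resources_created` is read in qxl_resize_primary_to_virtual() before anything assigns it, so the new guard is only correct if qxl_screen_t is zero-initialised when it is allocated. That allocation is not part of this patch and should be confirmed. The field also has no comment saying what it tracks; something like `/* TRUE once CreateScreenResources has completed; the screen pixmap must not be touched before that */` would put the invariant next to the declaration.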
diff --git a/src/qxl_driver.c b/src/qxl_driver.c
index fc1b629..8aecf3c 100644
--- a/src/qxl_driver.c
+++ b/src/qxl_driver.c
@@ -530,7 +530,6 @@ qxl_create_primary(qxl_screen_t *qxl)
Bool
qxl_resize_primary_to_virtual (qxl_screen_t *qxl)
{
- ScreenPtr pScreen;
long new_surface0_size;
if ((qxl->primary_mode.x_res == qxl->virtual_x &&
@@ -566,9 +565,9 @@ qxl_resize_primary_to_virtual (qxl_screen_t *qxl)
qxl->primary = qxl_create_primary(qxl);
qxl->bytes_per_pixel = (qxl->pScrn->bitsPerPixel + 7) / 8;
- pScreen = qxl->pScrn->pScreen;
- if (pScreen)
+ if (qxl->screen_resources_created)
{
+ ScreenPtr pScreen = qxl->pScrn->pScreen;
PixmapPtr root = pScreen->GetScreenPixmap (pScreen);
if (qxl->deferred_fps <= 0)
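Review bot: The replaced test in qxl_resize_primary_to_virtual() gives no hint why `pScrn->pScreen` is no longer good enough, which invites someone to simplify it back to the NULL check later. A short comment above the `if` would help, e.g. `/* pScrn->pScreen is non-NULL before CreateScreenResources on xserver >= 1.19, so track this ourselves */`. `pScreen` is also now dereferenced without a NULL test, which holds only while the flag is never TRUE with pScreen unset. The function body continues outside the hunk.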
@@ -645,6 +644,7 @@ qxl_create_screen_resources (ScreenPtr pScreen)
qxl_create_desired_modes (qxl);
qxl_update_edid (qxl);
+ qxl->screen_resources_created = TRUE;
return TRUE;
}
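Review bot: The flag is set to TRUE here and in qxl_create_screen_resources_kms() in src/qxl_kms.c, but nothing in the patch ever clears it. If the qxl_screen_t outlives a screen teardown (for example across a server reset), qxl_resize_primary_to_virtual() would see a stale TRUE and call GetScreenPixmap before the new screen resources exist, which is the same invalid access this patch fixes. Consider adding `qxl->screen_resources_created = FALSE;` in the close-screen path of both the UMS and KMS code. Those functions are not visible in this diff, so this needs checking against the full files.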
diff --git a/src/qxl_kms.c b/src/qxl_kms.c
index fe37af0..d11b20e 100644
--- a/src/qxl_kms.c
+++ b/src/qxl_kms.c
@@ -235,6 +235,7 @@ qxl_create_screen_resources_kms(ScreenPtr pScreen)
if (!uxa_resources_init (pScreen))
return FALSE;
+ qxl->screen_resources_created = TRUE;
return TRUE;
}
--
2.9.3