[PATCH 3/5] compositor: fix two crashs on surface_attach() with null buffer
Ander Conselvan de Oliveira
ander.conselvan.de.oliveira at intel.com
Fri Feb 10 08:31:36 PST 2012
The condition to return from surface_attach with a null buffer involves
es->output being non-null. However if a surface was just created this
field would be null and an attach of a null buffer would cause the
compositor to crash.
The other crash happened if surface_attach was called twice with a
null buffer after a valid buffer was attached to the surface. Since
es->buffer was not being set to NULL, surface_attach() would call
wl_list_remove(&es->buffer_destroy_listener.link) twice for the same
surface.
---
src/compositor.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/src/compositor.c b/src/compositor.c
index 1545990..a519893 100644
--- a/src/compositor.c
+++ b/src/compositor.c
@@ -1095,6 +1095,9 @@ surface_attach(struct wl_client *client,
struct weston_shell *shell = es->compositor->shell;
struct wl_buffer *buffer;
+ if (!buffer_resource && !es->output)
+ return;
+
weston_surface_damage_below(es);
if (es->buffer) {
@@ -1106,6 +1109,7 @@ surface_attach(struct wl_client *client,
wl_list_remove(&es->link);
es->visual = WESTON_NONE_VISUAL;
es->output = NULL;
+ es->buffer = NULL;
return;
}
--
1.7.4.1
More information about the wayland-devel
mailing list