[PATCH 2/7] compositor: fix two crashes on surface_attach() with null buffer

Ander Conselvan de Oliveira ander.conselvan.de.oliveira at intel.com
Wed Feb 15 07:02:53 PST 2012


The condition to return from surface_attach with a null buffer involves
es->output being non-null. However, if a surface was just created this
field would be null and an attach of a null buffer would cause the
compositor to crash.

The other crash happened if surface_attach was called twice with a
null buffer after a valid buffer was attached to the surface. Since
es->buffer was not being set to NULL, surface_attach() would call
wl_list_remove(&es->buffer_destroy_listener.link) twice for the same
surface.

Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira at intel.com>
---
 src/compositor.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/src/compositor.c b/src/compositor.c
index ab90ded..237509f 100644
--- a/src/compositor.c
+++ b/src/compositor.c
@@ -1151,6 +1151,9 @@ surface_attach(struct wl_client *client,
 	struct weston_shell *shell = es->compositor->shell;
 	struct wl_buffer *buffer;
 
+	if (!buffer_resource && !es->output)
+		return;
+
 	weston_surface_damage_below(es);
 
 	if (es->buffer) {
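Review bot: The new early return at the top of surface_attach() tests es->output, but the state the function acts on next is es->buffer (the `if (es->buffer)` right below), and nothing in the hunk says why a null es->output means there is nothing to detach. If a surface can ever hold a buffer while es->output is NULL, a null attach would now return before that `if (es->buffer)` block runs and the old buffer would stay referenced. Either add a one-line comment stating the invariant (an unmapped surface has no buffer attached) or make the condition explicit, for example `if (!buffer_resource && !es->output && !es->buffer)`. Note also that the request is dropped silently from a client's point of view, which is worth a comment since this path is reachable directly from client input.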
@@ -1162,6 +1165,7 @@ surface_attach(struct wl_client *client,
 		wl_list_remove(&es->link);
 		es->visual = WESTON_NONE_VISUAL;
 		es->output = NULL;
+		es->buffer = NULL;
 		return;
 	}
 
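Review bot: es->buffer is cleared only on this unmap return path, several lines away from where the commit message says the buffer_destroy_listener link is removed. Keeping the two together, by setting `es->buffer = NULL;` at the point where the listener is unlinked, would make it impossible for the pointer and the listener to fall out of step on any other path, which is the exact condition that led to the double wl_list_remove(). With the early return added in the first hunk, a second null attach already exits before reaching this code because es->output is NULL by then, so this assignment mainly guards against a stale es->buffer being used elsewhere; a short comment saying so would help the next reader.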
-- 
1.7.4.1


