[Xcb] segfault on error path in xcb_render_util_query_version

Sun Aug 17 13:32:57 PDT 2014

While futzing around with xscope, I got xcb_render_util_query_version()
to bomb out. I pointed xscope at a wrong port, so when it received an
incoming connection, it couldn't set up a proxy connection, bailed out,
and closed the connection from the client.

The relevant traceback is:

#0  xcb_setup_vendor_end (R=R at entry=0x0) at xproto.c:1557
#1  0x0000003141a0dc49 in xcb_setup_pixmap_formats_iterator (R=R at entry=0x0)
    at xproto.c:1610
#2  0x0000003141a0dc89 in xcb_setup_roots_iterator (R=0x0) at xproto.c:1647
#3  0x00007ffff75c0853 in has_required_depths (c=0x3141a1771c  
<xcb_con_error>)
    at cache.c:100
#4  find_or_create_display (c=0x3141a1771c <xcb_con_error>) at cache.c:155
#5  find_display (c=0x3141a1771c <xcb_con_error>) at cache.c:192
#6  0x00007ffff75c0b59 in xcb_render_util_query_version (c=<optimized out>)
    at cache.c:200

xcb_setup_vendor_end() is getting a NULL pointer parameter, and is very  
unhappy.

Looks like things are going wrong in has_required_depths():

96	has_required_depths (xcb_connection_t *c)
97	{
98	    xcb_screen_iterator_t screens;
99	    xcb_pixmap_t pixmap = { -1 };
100	    for (screens = xcb_setup_roots_iterator(xcb_get_setup(c)); screens.rem; xcb_screen_next(&screens))
101	    {

xcb_get_setup() appears to be returning a null pointer, which is passed into  
xcb_setup_roots_iterator(), and things pretty much roll downhill from that  
point on.

I'm calling xcb_render_util_query_version() immediately after xcb_connect()  
seemingly succeeded, and returned a valid handle.

To work around this, I added an explicit call to xcb_get_setup(), and a  
check for a null return value, prior to calling  
xcb_render_util_query_version().
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/xcb/attachments/20140817/9bfeaf94/attachment.sig>