[PATCH 1/3] pixmap: have slave pixmap take a reference on master pixmap
Dave Airlie
airlied at gmail.com
Thu Aug 2 23:44:42 PDT 2012
From: Dave Airlie <airlied at redhat.com>
Since the free routines free the master pixmap then the slave, we should
be taking a reference when we bind them together.
Fixes a use-after-free when resizing a primed gears.
Signed-off-by: Dave Airlie <airlied at redhat.com>
---
dix/pixmap.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/dix/pixmap.c b/dix/pixmap.c
index 9163e99..2418812 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -148,6 +148,10 @@ PixmapPtr PixmapShareToSlave(PixmapPtr pixmap, ScreenPtr slave)
pixmap->drawable.height, depth, 0,
pixmap->devKind, NULL);
+ /* have the slave pixmap take a reference on the master pixmap
+ later we destroy them both at the same time */
+ pixmap->refcnt++;
+
spix->master_pixmap = pixmap;
ret = slave->SetSharedPixmapBacking(spix, handle);
--
1.7.11.2
More information about the xorg-devel
mailing list