[PATCH 2/2] glx: Free DRI2 drawable reference to destroyed GLX drawable.

Michel Dänzer michel at daenzer.net
Thu Jul 12 04:16:37 PDT 2012


From: Michel Dänzer <michel.daenzer at amd.com>

Otherwise the reference can lead to use after free in
__glXDRIinvalidateBuffers().

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=50019

Signed-off-by: Michel Dänzer <michel.daenzer at amd.com>
---
 glx/glxdri2.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/glx/glxdri2.c b/glx/glxdri2.c
index 909de70..be5afbc 100644
--- a/glx/glxdri2.c
+++ b/glx/glxdri2.c
@@ -106,6 +106,7 @@ struct __GLXDRIdrawable {
     int height;
     __DRIbuffer buffers[MAX_DRAWABLE_BUFFERS];
     int count;
+    XID dri2_id;
 };
 
 static void
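Review bot: The new `dri2_id` field in `struct __GLXDRIdrawable` has no comment saying what it identifies or who releases it, and the fix depends on that lifetime. Going by the other two hunks, it is filled in by `DRI2CreateDrawable2()` and released in `__glXDRIdrawableDestroy()`. A comment such as `XID dri2_id; /* DRI2 reference ID from DRI2CreateDrawable2(); freed in __glXDRIdrawableDestroy() */` would record that. The struct definition starts outside this hunk.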
@@ -114,6 +115,8 @@ __glXDRIdrawableDestroy(__GLXdrawable * drawable)
     __GLXDRIdrawable *private = (__GLXDRIdrawable *) drawable;
     const __DRIcoreExtension *core = private->screen->core;
 
+    FreeResource(private->dri2_id, FALSE);
+
     (*core->destroyDrawable) (private->driDrawable);
 
     __glXDrawableRelease(drawable);
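Review bot: The `FreeResource(private->dri2_id, FALSE);` call at the top of `__glXDRIdrawableDestroy()` presumably has to run before the drawable's memory is released, but nothing in the code says so. A later reordering could bring back the stale reference the commit message describes. A comment such as `/* Drop the DRI2 reference first so __glXDRIinvalidateBuffers() cannot be called with this drawable once it is gone */` would pin the ordering. The second argument is a resource type to skip rather than a boolean, so `FreeResource(private->dri2_id, RT_NONE);` reads more accurately than `FALSE`. The function body continues past the end of the hunk.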
@@ -670,8 +673,9 @@ __glXDRIscreenCreateDrawable(ClientPtr client,
     private->base.waitGL = __glXDRIdrawableWaitGL;
     private->base.waitX = __glXDRIdrawableWaitX;
 
-    if (DRI2CreateDrawable(client, pDraw, drawId,
-                           __glXDRIinvalidateBuffers, private)) {
+    if (DRI2CreateDrawable2(client, pDraw, drawId,
+                            __glXDRIinvalidateBuffers, private,
+                            &private->dri2_id)) {
         free(private);
         return NULL;
     }
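Review bot: The failure branch after `DRI2CreateDrawable2()` still calls `free(private)` directly, which is only safe if the call never leaves `private` registered as the `__glXDRIinvalidateBuffers` argument when it returns non-zero. That cannot be checked from this hunk. If a partial registration is possible, the branch would leave the same kind of dangling reference this commit removes in the destroy path. A comment above the branch, such as `/* DRI2CreateDrawable2() must not retain private on failure */`, would state the assumption. The function starts and ends outside the hunk.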
-- 
1.7.10.4



