[PATCH] XFixes: Fix cursor reference when calling XFixesGetCursorImage or XFixesGetCursorImageAndName.

Alan Hourihane alanh at fairlite.co.uk
Thu Dec 7 09:54:25 UTC 2017


[v2]

These two calls save a pointer to the current cursor during
DisplayCursor(), but the cursor can be destroyed leaving a dangling
reference. This patch wraps this using the cursor reference counters to
ensure the cursor isn't deleted during its use.

This bug was fixed in RedHat's bugzilla database 18 months ago.

https://bugzilla.redhat.com/show_bug.cgi?id=1357694

Signed-off-by: Alan Hourihane <alanh at fairlite.co.uk>
---
 xfixes/cursor.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/xfixes/cursor.c b/xfixes/cursor.c
index 09cf2fa69..e2233ec05 100644
--- a/xfixes/cursor.c
+++ b/xfixes/cursor.c
@@ -154,7 +154,10 @@ CursorDisplayCursor(DeviceIntPtr pDev, ScreenPtr
pScreen, C
ursorPtr pCursor)
         CursorEventPtr e;
 
         UpdateCurrentTimeIf();
-        CursorCurrent[pDev->id] = pCursor;
+        if (CursorCurrent[pDev->id] != NULL) {
+            FreeCursor(CursorCurrent[pDev->id], (Cursor) 0);
+        }
+        CursorCurrent[pDev->id] = RefCursor(pCursor);
         for (e = cursorEvents; e; e = e->next) {
             if ((e->eventMask & XFixesDisplayCursorNotifyMask)) {
                 xXFixesCursorNotifyEvent ev = {
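
Review bot: In the added lines the old reference is dropped with FreeCursor(CursorCurrent[pDev->id], (Cursor) 0) before RefCursor(pCursor) takes the new one. If pCursor can ever be the cursor already stored for this device, and the stored reference is the last one, that order frees the object and then takes a reference on it. Taking the new reference first (for example into a local), then freeing the old entry and assigning, is safe in either case. The diffstat shows this hunk is the whole change, so it is also worth confirming that the reference now held in CursorCurrent is released wherever the array is reset or a device is removed; otherwise the last displayed cursor is never freed.
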
-- 
2.13.0
