[PATCH xserver] xfixes: Remove the CursorCurrent array

Alan Hourihane alanh at fairlite.co.uk
Fri Dec 8 09:41:36 UTC 2017


On 08/06/17 22:51, Keith Packard wrote:
> Adam Jackson <ajax at redhat.com> writes:
>
>> We're not wrapping all the ways a cursor can be destroyed, so this array
>> ends up with stale data. Rather than try harder to wrap more code paths,
>> just look up the cursor when we need it.
>
> I'm pretty sure it doesn't matter -- DisplayCursor is only ever called
> while *both* cursors are still valid. Here's the DIX code:
>
>         (*pScreen->DisplayCursor) (pDev, pScreen, cursor);
>         FreeCursor(pSprite->current, (Cursor) 0);
>         pSprite->current = RefCursor(cursor);
>
> Note that InitializeSprite also sets pSprite->current *before* calling
> DisplayCursor, which breaks your assumption. I don't think that matters
> as it should only be done before a client could possibly know about the
> device?
>
> I can see why you might want to get rid of the magic array; seems like
> this should just be using a private in the device.
>

So what's happening with this?

I've just posted a fix which has been on Red Hat's radar for 18 months
with the same patch that DIX does above, in the xfixes/cursor.c code paths.

You can easily crash the Xserver without this fix.

Alan.
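
The lifetime problem discussed in this thread, as an added example that is not part of the original messages and is not xserver code: a side cache that keeps a bare cursor pointer goes stale when a destroy path is not hooked, while a cache that frees the old reference and takes a new one, in the order of the quoted DIX lines, stays valid. All names here (ToyCursor, toy_ref, toy_free, display_bare, display_ref) are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration: cursors live in a fixed pool so a
 * "freed" slot can be inspected safely. The real server releases the memory. */
typedef struct { int refcnt; int live; } ToyCursor;

static ToyCursor pool[4];
static ToyCursor *cache_bare;   /* side cache: bare pointer, no reference */
static ToyCursor *cache_ref;    /* side cache: owns one reference */

static ToyCursor *toy_alloc(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].live) {
            pool[i] = (ToyCursor){ .refcnt = 1, .live = 1 };
            return &pool[i];
        }
    return NULL;
}

static ToyCursor *toy_ref(ToyCursor *c) { if (c) c->refcnt++; return c; }
static void toy_free(ToyCursor *c) { if (c && --c->refcnt == 0) c->live = 0; }

/* Remember the displayed cursor without taking a reference. */
static void display_bare(ToyCursor *c) { cache_bare = c; }

/* Same order as the quoted DIX lines: drop the old reference, take a new one. */
static void display_ref(ToyCursor *c) {
    toy_free(cache_ref);
    cache_ref = toy_ref(c);
}

/* Display a cursor, then let its creator drop the last outside reference
 * through a path the cache does not hook. Returns 1 if the cached pointer
 * still names a live cursor, 0 if it is stale. */
static int cached_cursor_valid(int hold_reference) {
    memset(pool, 0, sizeof pool);
    cache_bare = cache_ref = NULL;
    ToyCursor *c = toy_alloc();
    if (hold_reference) display_ref(c); else display_bare(c);
    toy_free(c);
    ToyCursor *cached = hold_reference ? cache_ref : cache_bare;
    return cached != NULL && cached->live;
}

int main(void) {
    printf("bare: %d, refcounted: %d\n", cached_cursor_valid(0), cached_cursor_valid(1));
    return 0;
}
```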

