[RFC PATCH xserver] xwayland: make sure client is not gone in sync callback

Olivier Fourdan ofourdan at redhat.com
Thu Mar 2 09:19:26 UTC 2017

in XWayland, dri3_send_open_reply() is called from a sync callback, so
there is a possibility that the client might be gone when we get to the
callback eventually, which leads to a crash in _XSERVTransSendFd() from
WriteFdToClient() .

Check if clientGone has been set in the sync callback handler to avoid

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99149
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1416553
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
 This seems to be a fairly rare occurence, but we do have bugs filed both
 upstream and downstream for this.
 I don't have any core file unfortunately so this is based solely on 
 the addresses returned by the crash handler, thus the "RFC" on this

 hw/xwayland/xwayland-glamor.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/xwayland/xwayland-glamor.c b/hw/xwayland/xwayland-glamor.c
index b3d0aab..65c3c00 100644
--- a/hw/xwayland/xwayland-glamor.c
+++ b/hw/xwayland/xwayland-glamor.c
@@ -435,9 +435,12 @@ static void
 sync_callback(void *data, struct wl_callback *callback, uint32_t serial)
     struct xwl_auth_state *state = data;
+    ClientPtr client = state->client;
-    dri3_send_open_reply(state->client, state->fd);
-    AttendClient(state->client);
+    if (!client->clientGone) {
+        dri3_send_open_reply(client, state->fd);
+        AttendClient(client);
+    }

More information about the xorg-devel mailing list