[PATCH xserver v2] xwayland: avoid using freed xwl_window on unrealize
Roman Gilg
subdiff at gmail.com
Wed Apr 18 18:34:02 UTC 2018
On Wed, Apr 18, 2018 at 4:02 PM, Olivier Fourdan <ofourdan at redhat.com> wrote:
> diff --git a/hw/xwayland/xwayland-present.c b/hw/xwayland/xwayland-present.c
> index f403ff701..e835a1399 100644
> --- a/hw/xwayland/xwayland-present.c
> +++ b/hw/xwayland/xwayland-present.c
> @@ -73,13 +73,9 @@ xwl_present_reset_timer(struct xwl_window *xwl_window)
> }
>
> void
> -xwl_present_cleanup(WindowPtr window)
> +xwl_present_cleanup(struct xwl_window *xwl_window, WindowPtr window)
> {
> - struct xwl_window *xwl_window = xwl_window_of_top(window);
> - struct xwl_present_event *event, *tmp;
> -
> - if (!xwl_window)
> - return;
> + struct xwl_present_event *event, *tmp;
>
> if (xwl_window->present_window == window) {
I believe this check should be ORed with xwl_window->window == window.
Otherwise in case the top parent window is unrealized first,
xwl_window->present_window != window holds here and afterwards
xwl_present_cleanup won't be called again since the xwl_window is
already gone. I.e. an existing frame callback wouldn't be destroyed in
this case.
> if (xwl_window->present_frame_callback) {
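Review bot: With the `if (!xwl_window) return;` guard removed at the top of xwl_present_cleanup, the first statement now dereferences `xwl_window->present_window` unconditionally, so a NULL or already-freed xwl_window passed by any caller faults right here. The call sites are not visible in this excerpt, so either keep a cheap NULL check at function entry or add a comment above the function stating that the caller must pass a non-NULL xwl_window that is still valid for the duration of the call.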
> @@ -91,18 +87,14 @@ xwl_present_cleanup(WindowPtr window)
>
> /* Clear remaining events */
> xorg_list_for_each_entry_safe(event, tmp, &xwl_window->present_event_list, list) {
> - if (event->present_window == window) {
> - xorg_list_del(&event->list);
> - free(event);
> - }
> + xorg_list_del(&event->list);
> + free(event);
> }
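Review bot: The loop over `xwl_window->present_event_list` no longer tests `event->present_window == window`, so every queued event is unlinked and freed regardless of which window it was queued for. That is only correct if this function runs when the xwl_window itself is going away; if it can still be reached for one window while the xwl_window stays alive, events belonging to other windows are dropped with it. Please state that invariant in the comment above the loop (the existing "Clear remaining events" does not say whose events), or keep the per-window filter.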