[PATCH xserver] xwayland: avoid a crash with empty window pixmaps

Daniel Stone daniel at fooishbar.org
Tue Jan 23 10:15:57 UTC 2018


Hi,

On 23 January 2018 at 09:42, Olivier Fourdan <ofourdan at redhat.com> wrote:
> On 22 January 2018 at 19:57, Adam Jackson <ajax at nwnk.net> wrote:
>> That can't really be the problem. X drawables are never 0x0.
>
> Yeap, I don't know how we end with a pixmap of size 0×0:
>
> [...]
> (gdb) f 7
> #7  xwl_glamor_pixmap_get_wl_buffer (pixmap=pixmap at entry=0x1e5b6f0) at
> xwayland-glamor.c:162
> 162     if (xwl_pixmap->buffer)
>
> (gdb) p *pixmap
> $1 = {drawable = {type = 1 '\001', class = 0 '\000', depth = 24 '\030',
> bitsPerPixel = 32 ' ', id = 0, x = 0, y = 0, width = 0, height = 0,
>     pScreen = 0x161d200, serialNumber = 1}, devPrivates = 0x1e5b738, refcnt
> = 1, devKind = 0, devPrivate = {ptr = 0x1e5b7c0, val = 31832000,
>     uval = 31832000, fptr = 0x1e5b7c0}, screen_x = 0, screen_y = 0,
> usage_hint = 0, master_pixmap = 0x0}
>
> How we end up here is unclear though, xwl_pixmap is “optimized out” but
> considering it's a segfault I assume it's NULL.
>
> If we also assume the pixmap was of size 0×0 when xwl_glamor_create_pixmap()
> was called, then we wouldn't be calling xwl_glamor_create_pixmap_for_bo()
> which would not call xwl_pixmap_set_private():

Ooh. serialNumber == 1 means it's the root pixmap, which will actually
be uselessly empty. It would be interesting to see how we've ended up
here: it would have to be a top-level window which a) was manually
redirected by the WM when it was created, b) had damage posted on it,
and c) was unredirected (in that order). I can't think of how that
would happen; maybe you could place logs for the triggers (e.g.
removing the last manual redirect on a window) somewhere?

It would be good to see what the WindowRec under xwl_window looks
like; maybe that could offer us a clue.

Cheers,
Daniel

