[PATCH qxl] qxl: Initialize prev field while dup surface list

Victor Toso victortoso at redhat.com
Tue Oct 23 12:48:08 UTC 2018


From: Victor Toso <me at victortoso.com>

Otherwise we can hit a segfault in qxl_surface_kill()

 │717     void
 │718     qxl_surface_kill (qxl_surface_t *surface)
 │719     {
 │720         struct evacuated_surface_t *ev = surface->evacuated;
 │721
 │722         if (ev)
 │723         {
 │724             /* server side surface is already destroyed (via reset), don't
 │725              * resend a destroy. Just mark surface as not to be recreated */
 │726             ev->pixmap = NULL;│
 │727             if (ev->image)│
 │728                 pixman_image_unref (ev->image);
 │729             if (ev->next)
 │730                 ev->next->prev = ev->prev;
 │731             if (ev->prev)
>│732                ev->prev->next = ev->next;
 │733             free(ev);
 │734             surface->evacuated = NULL;
 │735             return;
 │736         }

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1641793

Signed-off-by: Victor Toso <victortoso at redhat.com>
---
 src/qxl_surface_ums.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/qxl_surface_ums.c b/src/qxl_surface_ums.c
index 2c16ede..19cbd36 100644
--- a/src/qxl_surface_ums.c
+++ b/src/qxl_surface_ums.c
@@ -792,6 +792,7 @@ qxl_surface_cache_evacuate_all (surface_cache_t *cache)
 
 	unlink_surface (s);
 	
+	evacuated->prev = NULL;
 	evacuated->next = evacuated_surfaces;
         if (evacuated_surfaces)
             evacuated_surfaces->prev = evacuated;
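Review bot: the added `evacuated->prev = NULL;` fixes only the one field that the crash at `ev->prev->next = ev->next` exposed, and the allocation of `evacuated` is outside this hunk. If that node comes from an allocation that is not zeroed, every other field qxl_surface_kill() reads (`ev->image`, `ev->pixmap`, `ev->next`) also depends on being assigned by hand somewhere in this function. Consider zero-initialising the node where it is allocated (for example with calloc) so that a field added later cannot be left with stale heap contents, and say in the commit message where the uninitialised value came from. A minor style point: the added line and `evacuated->next` are tab-indented while the two context lines after them use spaces, which is worth normalising while touching this block.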
-- 
2.17.2


