DeliverPropertyEvent() accessing unallocated memory
Matthieu Herrb
matthieu.herrb at laas.fr
Tue Nov 25 03:55:18 PST 2008
Adam Jackson wrote:
> On Sat, 2008-11-22 at 13:07 +0100, Matthieu Herrb wrote:
>> Matthieu Herrb wrote:
>>> Hi,
>>>
>>> using OpenBSD's memory allocator (which has an option to fill free()'d
>>> memory with a specific pattern) I found out that xserver 1.5.3 is
>>> dumping core on exit.
>> Same problem on git's master.
>>
>>> This is caused by a bad pointer caused by accessing free'd memory in
>>> DeliverPropertyEvent, because when the RRProperties are destroyed, the
>>> associated windows have been free'd already.
>>>
>> So, no help on how to fix that? Should we just remove
>> RRDeleteAllOutputProperties() since it can't work?
>
> It does work, when outputs are deleted at runtime. It just can't work
> during server shutdown since windows are already gone, so there's
> nothing to deliver events to.
>
> Something like this maybe:
>
> --- a/randr/rrproperty.c
> +++ b/randr/rrproperty.c
> @@ -59,7 +59,8 @@ DeliverPropertyEvent(WindowPtr pWin, void *value)
>
> static void RRDeliverPropertyEvent(ScreenPtr pScreen, xEvent *event)
> {
> - WalkTree(pScreen, DeliverPropertyEvent, event);
> + if (!(dispatchException & (DE_RESET | DE_TERMINATE)))
> + WalkTree(pScreen, DeliverPropertyEvent, event);
> }
>
> void
>
> ---
Thanks for the answer. That seems to work indeed.
--
Matthieu Herrb
More information about the xorg
mailing list