rpms/xorg-x11-server-Xwayland
6
0
Fork 0
Code Issues Pull Requests Releases Activity
c9s
xorg-x11-server-Xwayland/0002-dix-keep-a-ref-to-the-rootCursor.patch

50 lines
1.5 KiB
Diff
Raw Permalink Blame History

From a28f9bd06500db5594605cc042882a3527eb67a9 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed, 4 Dec 2024 15:49:43 +1000
Subject: [PATCH xserver 02/13] dix: keep a ref to the rootCursor
CreateCursor returns a cursor with refcount 1 - that refcount is used by
the resource system, any caller needs to call RefCursor to get their own
reference. That happens correctly for normal cursors but for our
rootCursor we keep a variable to the cursor despite not having a ref for
ourselves.
Fix this by reffing/unreffing the rootCursor to ensure our pointer is
valid.
Related to CVE-2025-26594, ZDI-CAN-25544
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit b0a09ba6020147961acc62d9c73d807b4cccd9f7)
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1831>
---
dix/main.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/dix/main.c b/dix/main.c
index dd0cfba06..982234965 100644
--- a/dix/main.c
+++ b/dix/main.c
@@ -230,6 +230,8 @@ dix_main(int argc, char *argv[], char *envp[])
FatalError("could not open default cursor font");
}
+ rootCursor = RefCursor(rootCursor);
+
#ifdef PANORAMIX
/*
* Consolidate window and colourmap information for each screen
@@ -270,6 +272,8 @@ dix_main(int argc, char *argv[], char *envp[])
Dispatch();
+ UnrefCursor(rootCursor);
+
UndisplayDevices();
DisableAllDevices();
--
2.48.1
Reference in New Issue View Git Blame Copy Permalink