Fix segfault in Xwayland due to cursor update after unrealize

2016-07-04 14:10:22 +02:00 · 2016-07-04 14:10:22 +02:00 · e6e01954a9
commit e6e01954a9
parent 9ad47a897e
2 changed files with 61 additions and 1 deletions
--- a/0001-wayland-clear-resource-for-pixmap-on-unrealize.patch
+++ b/0001-wayland-clear-resource-for-pixmap-on-unrealize.patch
@ -0,0 +1,54 @@
+From edd24aa50b17849b904a3ac5429e333bac9bac9c Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 6 Jun 2016 09:22:28 +0200
+Subject: [PATCH xserver] wayland: clear resource for pixmap on unrealize
+
+On cursor unrealize, the associated pixmap is destroyed, make sure we
+clear the pointer from the private resource and check for the value
+being non-null when setting or destroying the cursor.
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96246
+---
+ hw/xwayland/xwayland-cursor.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/hw/xwayland/xwayland-cursor.c b/hw/xwayland/xwayland-cursor.c
+index 76729db..74dfe4e 100644
+--- a/hw/xwayland/xwayland-cursor.c
+++ b/hw/xwayland/xwayland-cursor.c
+@@ -76,8 +76,20 @@ static Bool
+ xwl_unrealize_cursor(DeviceIntPtr device, ScreenPtr screen, CursorPtr cursor)
+ {
+     PixmapPtr pixmap;
+    struct xwl_seat *xwl_seat;
+ 
+     pixmap = dixGetPrivate(&cursor->devPrivates, &xwl_cursor_private_key);
+    if (!pixmap)
+        return TRUE;
+
+    dixSetPrivate(&cursor->devPrivates, &xwl_cursor_private_key, NULL);
+
+    /* When called from FreeCursor(), device is always NULL */
+    if (device) {
+        xwl_seat = device->public.devicePrivate;
+        if (xwl_seat && cursor == xwl_seat->x_cursor)
+            xwl_seat->x_cursor = NULL;
+    }
+ 
+     return xwl_shm_destroy_pixmap(pixmap);
+ }
+@@ -122,6 +134,9 @@ xwl_seat_set_cursor(struct xwl_seat *xwl_seat)
+ 
+     cursor = xwl_seat->x_cursor;
+     pixmap = dixGetPrivate(&cursor->devPrivates, &xwl_cursor_private_key);
+    if (!pixmap)
+        return;
+
+     stride = cursor->bits->width * 4;
+     if (cursor->bits->argb)
+         memcpy(pixmap->devPrivate.ptr,
+-- 
+2.7.4
+
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@ -45,7 +45,7 @@
 Summary:   X.Org X11 X server
 Name:      xorg-x11-server
 Version:   1.18.3
-Release:   7%{?gitdate:.%{gitdate}}%{dist}
+Release:   8%{?gitdate:.%{gitdate}}%{dist}
 URL:       http://www.x.org
 License:   MIT
 Group:     User Interface/X
@ -113,6 +113,9 @@ Patch10003: 0002-present-Fix-presentation-of-flips-out-of-order.patch
 Patch10004: 0001-xkb-after-changing-the-keymap-force-an-indicator-upd.patch
 Patch10005: 0001-xkb-add-a-cause-to-the-xkb-indicator-update-after-a-.patch

+# Bug 1338979 - Xwayland: Segmentation fault in cursor update after unrealize
+Patch10006: 0001-wayland-clear-resource-for-pixmap-on-unrealize.patch
+
 %global moduledir	%{_libdir}/xorg/modules
 %global drimoduledir	%{_libdir}/dri
 %global sdkdir		%{_includedir}/xorg
@ -650,6 +653,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete


 %changelog
+* Mon Jul 04 2016 Olivier Fourdan <ofourdan@redhat.com> 1.18.3-8
+- Fix segfault in Xwayland due to cursor update after unrealize (#1338979)
+
 * Tue Jun 28 2016 Peter Hutterer <peter.hutterer@redhat.com> 1.18.3-7
 - Fix segfault caused by forced indicator update (#1335439)