andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

glx: Fix use after free in DrawableGone

Browse Source 
(note that nearly identical patches were proposed by Kristian and Chris)

Signed-off-by: Kristian Høgsberg <krh@bitplanet.net>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reported-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Tested-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Keith Packard <keithp@keithp.com>
This commit is contained in:
Kristian Høgsberg 2010-09-23 09:04:11 -04:00 committed by Keith Packard
parent e416965bfd
commit 2f0abd7d69
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
glx/glxext.c
View File

@ -124,7 +124,7 @@ static int glxBlockClients;
*/
static Bool DrawableGone(__GLXdrawable *glxPriv, XID xid)
{
__GLXcontext *c;
__GLXcontext *c, *next;
/* If this drawable was created using glx 1.3 drawable
* constructors, we added it as a glx drawable resource under both
@ -137,7 +137,8 @@ static Bool DrawableGone(__GLXdrawable *glxPriv, XID xid)
FreeResourceByType(glxPriv->drawId, __glXDrawableRes, TRUE);
}
for (c = glxAllContexts; c; c = c->next) {
for (c = glxAllContexts; c; c = next) {
next = c->next;
if (c->isCurrent && (c->drawPriv == glxPriv || c->readPriv == glxPriv)) {
int i;
@ -160,15 +161,13 @@ static Bool DrawableGone(__GLXdrawable *glxPriv, XID xid)
}
}
}
if (!c->idExists) {
__glXFreeContext(c);
}
}
if (c->drawPriv == glxPriv)
c->drawPriv = NULL;
if (c->readPriv == glxPriv)
c->readPriv = NULL;
if (!c->idExists && !c->isCurrent)
__glXFreeContext(c);
}
glxPriv->destroy(glxPriv);