ramdac: Check ScreenPriv != NULL in xf86ScreenSetCursor()
Similar to change cba5a10f
, xf86ScreenSetCursor() would dereference ScreenPriv
without NULL checking it. If Option "SWCursor" is specified, ScreenPriv == NULL.
Without this fix, it is observed that setting Option "SWCursor" "on" on the
modesetting driver in a PRIME configuration will segfault the server.
It is important to return success rather than failure in the instance that
ScreenPriv == NULL and pCurs == NullCursor, because otherwise xf86SetCursor()
can fall into infinite recursion: xf86SetCursor(pCurs) calls
xf86ScreenSetCursor(pCurs), and if FALSE, calls xf86SetCursor(NullCursor). If
xf86ScreenSetCursor(NullCursor) returns FALSE, it calls
xf86SetCursor(NullCursor) again and this repeats forever.
Signed-off-by: Alex Goins <agoins@nvidia.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
This commit is contained in:
parent
04163fe8c6
commit
68d95e759f
|
@ -181,9 +181,16 @@ xf86ScreenSetCursor(ScreenPtr pScreen, CursorPtr pCurs, int x, int y)
|
||||||
xf86CursorScreenPtr ScreenPriv =
|
xf86CursorScreenPtr ScreenPriv =
|
||||||
(xf86CursorScreenPtr) dixLookupPrivate(&pScreen->devPrivates,
|
(xf86CursorScreenPtr) dixLookupPrivate(&pScreen->devPrivates,
|
||||||
xf86CursorScreenKey);
|
xf86CursorScreenKey);
|
||||||
xf86CursorInfoPtr infoPtr = ScreenPriv->CursorInfoPtr;
|
|
||||||
|
xf86CursorInfoPtr infoPtr;
|
||||||
unsigned char *bits;
|
unsigned char *bits;
|
||||||
|
|
||||||
|
if (!ScreenPriv) { /* NULL if Option "SWCursor" */
|
||||||
|
return (pCurs == NullCursor);
|
||||||
|
}
|
||||||
|
|
||||||
|
infoPtr = ScreenPriv->CursorInfoPtr;
|
||||||
|
|
||||||
if (pCurs == NullCursor) {
|
if (pCurs == NullCursor) {
|
||||||
(*infoPtr->HideCursor) (infoPtr->pScrn);
|
(*infoPtr->HideCursor) (infoPtr->pScrn);
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user