andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ramdac: Check ScreenPriv != NULL in xf86ScreenSetCursor()

Browse Source 
Similar to change cba5a10f, xf86ScreenSetCursor() would dereference ScreenPriv
without NULL checking it. If Option "SWCursor" is specified, ScreenPriv == NULL.

Without this fix, it is observed that setting Option "SWCursor" "on" on the
modesetting driver in a PRIME configuration will segfault the server.

It is important to return success rather than failure in the instance that
ScreenPriv == NULL and pCurs == NullCursor, because otherwise xf86SetCursor()
can fall into infinite recursion: xf86SetCursor(pCurs) calls
xf86ScreenSetCursor(pCurs), and if FALSE, calls xf86SetCursor(NullCursor). If
xf86ScreenSetCursor(NullCursor) returns FALSE, it calls
xf86SetCursor(NullCursor) again and this repeats forever.

Signed-off-by: Alex Goins <agoins@nvidia.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
This commit is contained in:
Alex Goins 2017-10-24 18:39:13 -07:00 committed by Adam Jackson
parent 04163fe8c6
commit 68d95e759f
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hw/xfree86/ramdac/xf86HWCurs.c
View File

@ -181,9 +181,16 @@ xf86ScreenSetCursor(ScreenPtr pScreen, CursorPtr pCurs, int x, int y)
xf86CursorScreenPtr ScreenPriv = xf86CursorScreenPtr ScreenPriv =
(xf86CursorScreenPtr) dixLookupPrivate(&pScreen->devPrivates, (xf86CursorScreenPtr) dixLookupPrivate(&pScreen->devPrivates,
xf86CursorScreenKey); xf86CursorScreenKey);
xf86CursorInfoPtr infoPtr = ScreenPriv->CursorInfoPtr;
xf86CursorInfoPtr infoPtr;
unsigned char *bits; unsigned char *bits;
if (!ScreenPriv) { /* NULL if Option "SWCursor" */
return (pCurs == NullCursor);
}
infoPtr = ScreenPriv->CursorInfoPtr;
if (pCurs == NullCursor) { if (pCurs == NullCursor) {
(*infoPtr->HideCursor) (infoPtr->pScrn); (*infoPtr->HideCursor) (infoPtr->pScrn);
return TRUE; return TRUE;