xfree86: Reset randr_crtc and randr_output early in xf86CrtcCloseScreen

The DIX crtc and output structures are freed when their resources are
destroyed, which happens before CloseScreen is called. As a result, we
know these pointers are invalid and referencing them during any of the
remaining CloseScreen sequence will be bad.

Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Cc: thellstrom@vmware.com
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=106960
This commit is contained in:
Keith Packard 2018-06-28 11:45:15 -07:00 committed by Adam Jackson
parent 49283e238a
commit c55a44a9a8

View File

@ -734,14 +734,11 @@ xf86CrtcCloseScreen(ScreenPtr screen)
xf86CrtcConfigPtr config = XF86_CRTC_CONFIG_PTR(scrn);
int o, c;
screen->CloseScreen = config->CloseScreen;
xf86RotateCloseScreen(screen);
xf86RandR12CloseScreen(screen);
screen->CloseScreen(screen);
/* The randr_output and randr_crtc pointers are already invalid as
* the DIX resources were freed when the associated resources were
* freed. Clear them now; referencing through them during the rest
* of the CloseScreen sequence will not end well.
*/
for (o = 0; o < config->num_output; o++) {
xf86OutputPtr output = config->output[o];
@ -752,6 +749,15 @@ xf86CrtcCloseScreen(ScreenPtr screen)
crtc->randr_crtc = NULL;
}
screen->CloseScreen = config->CloseScreen;
xf86RotateCloseScreen(screen);
xf86RandR12CloseScreen(screen);
screen->CloseScreen(screen);
/* detach any providers */
if (config->randr_provider) {
RRProviderDestroy(config->randr_provider);