From e8295c50209f2963fa2823e8de7e8363a38cd2d1 Mon Sep 17 00:00:00 2001 From: Olivier Fourdan Date: Tue, 8 Jan 2019 12:48:53 +0100 Subject: [PATCH] xwayland: handle case without any crtc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Xwayland creates and destroys the CRTC along with the Wayland outputs, so there is possibly a case where the number of CRTC drops to 0. However, `xwl_present_get_crtc()` always return `crtcs[0]` which is invalid when `numCrtcs` is 0. That leads to crash if a client queries the Present capabilities when there is no CRTC, the backtrace looks like: #0 raise() from libc.so #1 abort() from libc.so #2 OsAbort() at utils.c:1350 #3 AbortServer() at log.c:879 #4 FatalError() at log.c:1017 #5 OsSigHandler() at osinit.c:156 #6 OsSigHandler() at osinit.c:110 #7 #8 main_arena() from libc.so #9 proc_present_query_capabilities() at present_request.c:236 #10 Dispatch() at dispatch.c:478 #11 dix_main() at main.c:276 To avoid returning an invalid pointer (`crtcs[0]`) in that case, simply check for `numCrtcs` being 0 and return `NULL` in that case. Thanks to Michel Dänzer for pointing this as a possible cause of the crash. Signed-off-by: Olivier Fourdan Reviewed-by: Michel Dänzer Bugzilla: https://bugzilla.redhat.com/1609181 --- hw/xwayland/xwayland-present.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/xwayland/xwayland-present.c b/hw/xwayland/xwayland-present.c index 2d5597bc4..192f59a65 100644 --- a/hw/xwayland/xwayland-present.c +++ b/hw/xwayland/xwayland-present.c @@ -323,6 +323,10 @@ xwl_present_get_crtc(WindowPtr present_window) return NULL; rr_private = rrGetScrPriv(present_window->drawable.pScreen); + + if (rr_private->numCrtcs == 0) + return NULL; + return rr_private->crtcs[0]; }
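Review bot: the new `if (rr_private->numCrtcs == 0)` check in `xwl_present_get_crtc()` dereferences `rr_private` straight after `rrGetScrPriv()` with no NULL test in the visible lines. If that lookup can ever return NULL on this path, fold it into the same guard, for example `if (!rr_private || rr_private->numCrtcs == 0) return NULL;`. The check would also benefit from a one-line comment saying that Xwayland creates and destroys CRTCs along with the Wayland outputs, so `numCrtcs` can legitimately be 0. Without it the guard looks redundant to a later reader, and the reason currently lives only in the commit message. Since the function already has an earlier `return NULL;` path, callers presumably cope with NULL, but it is worth confirming that `proc_present_query_capabilities()`, the frame in the backtrace, handles a NULL CRTC cleanly and does not just move the crash.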