4308f5d3d1
If a client is in the process of being closed down, then its client->osPrivate pointer will be set to NULL by CloseDownConnection. This can cause a crash if freeing the client's resources results in a call to AttendClient. For example, if the client has a pending sync fence: Thread 1 "X" received signal SIGSEGV, Segmentation fault. AttendClient (client=0x5571c4aed9a0) at ../os/connection.c:942 (gdb) bt #0 AttendClient (client=0x5571c4aed9a0) at ../os/connection.c:942 #1 0x00005571c3dbb865 in SyncAwaitTriggerFired (pTrigger=<optimized out>) at ../Xext/sync.c:694 #2 0x00005571c3dd5749 in miSyncDestroyFence (pFence=0x5571c5063980) at ../miext/sync/misync.c:120 #3 0x00005571c3dbbc69 in FreeFence (obj=<optimized out>, id=<optimized out>) at ../Xext/sync.c:1909 #4 0x00005571c3d7a01d in doFreeResource (res=0x5571c506e3d0, skip=skip@entry=0) at ../dix/resource.c:880 #5 0x00005571c3d7b1dc in FreeClientResources (client=0x5571c4aed9a0) at ../dix/resource.c:1146 #6 FreeClientResources (client=0x5571c4aed9a0) at ../dix/resource.c:1109 #7 0x00005571c3d5525f in CloseDownClient (client=0x5571c4aed9a0) at ../dix/dispatch.c:3473 #8 0x00005571c3d55eeb in Dispatch () at ../dix/dispatch.c:492 #9 0x00005571c3d59e96 in dix_main (argc=3, argv=0x7ffe7854bc28, envp=<optimized out>) at ../dix/main.c:276 #10 0x00007fea4837cb6b in __libc_start_main (main=0x5571c3d1d060 <main>, argc=3, argv=0x7ffe7854bc28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe7854bc18) at ../csu/libc-start.c:308 #11 0x00005571c3d1d09a in _start () at ../Xext/sync.c:2378 (gdb) print client->osPrivate $1 = (void *) 0x0 Since the client is about to be freed, its ignore count doesn't matter and AttendClient can simply be a no-op. Check for client->clientGone in AttendClient and remove similar checks from two callers that had them. Signed-off-by: Aaron Plattner <aplattner@nvidia.com> |
||
---|---|---|
.. | ||
bigreq.c | ||
dpms.c | ||
dpmsproc.h | ||
geext.c | ||
geext.h | ||
geint.h | ||
hashtable.c | ||
hashtable.h | ||
Makefile.am | ||
meson.build | ||
panoramiX.c | ||
panoramiX.h | ||
panoramiXh.h | ||
panoramiXprocs.c | ||
panoramiXsrv.h | ||
panoramiXSwap.c | ||
saver.c | ||
security.c | ||
securitysrv.h | ||
shape.c | ||
shm.c | ||
shmint.h | ||
sleepuntil.c | ||
sleepuntil.h | ||
sync.c | ||
syncsdk.h | ||
syncsrv.h | ||
vidmode.c | ||
xace.c | ||
xace.h | ||
xacestr.h | ||
xcmisc.c | ||
xf86bigfont.c | ||
xf86bigfontsrv.h | ||
xres.c | ||
xselinux_ext.c | ||
xselinux_hooks.c | ||
xselinux_label.c | ||
xselinux.h | ||
xselinuxint.h | ||
xtest.c | ||
xvdisp.c | ||
xvdisp.h | ||
xvdix.h | ||
xvmain.c | ||
xvmc.c | ||
xvmcext.h |