andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
15,607 Commits 86 Branches 473 Tags 48 MiB
C 95%
Roff 1.2%
Objective-C 0.9%
Meson 0.8%
M4 0.6%
Other 1.4%
4cbf1fb1f9
Go to file
Olivier Fourdan 4cbf1fb1f9 xwayland: Avoid double free of RRCrtc and RROutput 
At shutdown, the Xserver will free all its resources which includes the
RRCrtc and RROutput created.

Xwayland would do the same in its xwl_output_destroy() called from
xwl_close_screen(), leading to a double free of existing RRCrtc
RROutput:

 Invalid read of size 4
    at 0x4CDA10: RRCrtcDestroy (rrcrtc.c:689)
    by 0x426E75: xwl_output_destroy (xwayland-output.c:301)
    by 0x424144: xwl_close_screen (xwayland.c:117)
    by 0x460E17: CursorCloseScreen (cursor.c:187)
    by 0x4EB5A3: AnimCurCloseScreen (animcur.c:106)
    by 0x4EF431: present_close_screen (present_screen.c:64)
    by 0x556D40: dix_main (main.c:354)
    by 0x6F0D290: (below main) (in /usr/lib/libc-2.24.so)
  Address 0xbb1fc30 is 0 bytes inside a block of size 728 free'd
    at 0x4C2BDB0: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x4CCE5F: RRCrtcDestroyResource (rrcrtc.c:719)
    by 0x577541: doFreeResource (resource.c:895)
    by 0x5787B5: FreeClientResources (resource.c:1161)
    by 0x578862: FreeAllResources (resource.c:1176)
    by 0x556C54: dix_main (main.c:323)
    by 0x6F0D290: (below main) (in /usr/lib/libc-2.24.so)
  Block was alloc'd at
    at 0x4C2CA6A: calloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x4CC6DB: RRCrtcCreate (rrcrtc.c:76)
    by 0x426D1C: xwl_output_create (xwayland-output.c:264)
    by 0x4232EC: registry_global (xwayland.c:431)
    by 0x76CB1C7: ffi_call_unix64 (in /usr/lib/libffi.so.6.0.4)
    by 0x76CAC29: ffi_call (in /usr/lib/libffi.so.6.0.4)
    by 0x556CEFD: wl_closure_invoke (connection.c:935)
    by 0x5569CBF: dispatch_event.isra.4 (wayland-client.c:1310)
    by 0x556AF13: dispatch_queue (wayland-client.c:1456)
    by 0x556AF13: wl_display_dispatch_queue_pending
(wayland-client.c:1698)
    by 0x556B33A: wl_display_roundtrip_queue (wayland-client.c:1121)
    by 0x42371C: xwl_screen_init (xwayland.c:631)
    by 0x552F60: AddScreen (dispatch.c:3864)

And:

 Invalid read of size 4
    at 0x522890: RROutputDestroy (rroutput.c:348)
    by 0x42684E: xwl_output_destroy (xwayland-output.c:302)
    by 0x423CF4: xwl_close_screen (xwayland.c:118)
    by 0x4B6377: CursorCloseScreen (cursor.c:187)
    by 0x539503: AnimCurCloseScreen (animcur.c:106)
    by 0x53D081: present_close_screen (present_screen.c:64)
    by 0x43DBF0: dix_main (main.c:354)
    by 0x7068730: (below main) (libc-start.c:289)
  Address 0xc403190 is 0 bytes inside a block of size 154 free'd
    at 0x4C2CD5A: free (vg_replace_malloc.c:530)
    by 0x521DF3: RROutputDestroyResource (rroutput.c:389)
    by 0x45DA61: doFreeResource (resource.c:895)
    by 0x45ECFD: FreeClientResources (resource.c:1161)
    by 0x45EDC2: FreeAllResources (resource.c:1176)
    by 0x43DB04: dix_main (main.c:323)
    by 0x7068730: (below main) (libc-start.c:289)
  Block was alloc'd at
    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
    by 0x52206B: RROutputCreate (rroutput.c:84)
    by 0x426763: xwl_output_create (xwayland-output.c:270)
    by 0x422EDC: registry_global (xwayland.c:432)
    by 0x740FC57: ffi_call_unix64 (unix64.S:76)
    by 0x740F6B9: ffi_call (ffi64.c:525)
    by 0x5495A9D: wl_closure_invoke (connection.c:949)
    by 0x549283F: dispatch_event.isra.4 (wayland-client.c:1274)
    by 0x5493A13: dispatch_queue (wayland-client.c:1420)
    by 0x5493A13: wl_display_dispatch_queue_pending
(wayland-client.c:1662)
    by 0x5493D2E: wl_display_roundtrip_queue (wayland-client.c:1085)
    by 0x4232EC: xwl_screen_init (xwayland.c:632)
    by 0x439F50: AddScreen (dispatch.c:3864)

Split xwl_output_destroy() into xwl_output_destroy() which frees the
wl_output and the xwl_output structure, and xwl_output_remove() which
does the RRCrtcDestroy() and RROutputDestroy() and call the latter only
when an output is effectively removed.

An additional benefit, on top of avoiding a double free, is to avoid
updating the screen size at shutdown.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
2016-08-15 14:20:54 -04:00
composite Remove readmask from screen block/wakeup handler 2016-07-18 15:27:51 -04:00
config Remove SIGIO support for input [v5] 2016-05-26 16:07:54 -07:00
damageext dix: Remove pointless client-state callbacks 2016-05-11 11:21:08 -04:00
dbe Convert top level extensions to new *allocarray functions 2015-04-21 16:57:08 -07:00
dix dix: Avoid writing uninitialized bytes in deliverPropertyNotifyEvent 2016-08-15 08:54:45 -07:00
doc Remove readmask from screen block/wakeup handler 2016-07-18 15:27:51 -04:00
dri3 dri3: remove unused file dri3int.h 2016-04-18 11:26:36 -04:00
exa Remove readmask from screen block/wakeup handler 2016-07-18 15:27:51 -04:00
fb Fix alphamap interactions with wfb 2015-09-29 12:21:34 -04:00
glamor Remove readmask from screen block/wakeup handler 2016-07-18 15:27:51 -04:00
glx res: Account for GLXPixmap references too 2016-06-21 11:11:54 -04:00
hw xwayland: Avoid double free of RRCrtc and RROutput 2016-08-15 14:20:54 -04:00
include os: Remove CheckConnections 2016-07-21 15:04:47 -04:00
m4 Add ax_pthread.m4 to m4/ 2016-05-29 19:20:51 -07:00
man Xserver.man: document more transports for -nolisten & -listen options 2015-10-28 14:16:28 -04:00
mi mi: Remove spurious call to OsReleaseSignals from mieqGrowQueue 2016-08-11 21:55:06 -07:00
miext Remove fd_set from Block/Wakeup handler API 2016-07-18 15:27:51 -04:00
os dix: Pass ClientPtr to FlushCallback 2016-08-15 14:02:48 -04:00
present present: Handle event mask updates as specified v2 2016-07-30 15:43:54 -07:00
pseudoramiX Convert top level extensions to new *allocarray functions 2015-04-21 16:57:08 -07:00
randr randr: Add ability to turn PRIME sync off 2016-07-05 14:30:27 -04:00
record record: don't call RecordDeleteContext when AddResource fails 2016-03-08 10:20:04 -05:00
render exa: only draw valid trapezoids 2016-06-17 11:21:30 +02:00
test test: Actually verify that two equivalent touch points are the same 2016-05-29 18:43:16 -07:00
Xext xace: Fix XaceCensorImage to actually censor the right part of the image 2016-08-15 13:12:06 -04:00
xfixes dix: Remove pointless client-state callbacks 2016-05-11 11:21:08 -04:00
Xi Remove SIGIO support for input [v5] 2016-05-26 16:07:54 -07:00
xkb xkb: add a cause to the xkb indicator update after a keymap change 2016-06-29 19:20:17 +10:00
.dir-locals.el Add .dir-locals.el 2013-08-17 12:17:36 +02:00
.gitignore .gitignore: Add new autotools file 'test-driver' 2014-04-21 13:41:42 -07:00
autogen.sh autogen: Set a default subject prefix for patches 2016-02-08 17:41:38 -05:00
configure.ac Build glamor when Xorg or Xephyr are built. 2016-08-13 09:04:32 -07:00
COPYING modesetting: Merge modesetting's COPYING into the xserver's. 2014-09-15 12:46:02 -07:00
devbook.am doc: Create a script to filter xmlto output 2015-01-05 14:24:06 -08:00
docbook.am docbook.am: embed css styles inside the HTML HEAD element 2011-09-21 14:07:49 -07:00
fix-miregion Change region implementation names to eliminate the 'mi' prefix 2010-06-05 17:47:32 -07:00
fix-miregion-private Change region implementation names to eliminate the 'mi' prefix 2010-06-05 17:47:32 -07:00
fix-patch-whitespace Rename region macros to eliminate screen argument 2010-06-05 18:59:00 -07:00
fix-region Rename region macros to eliminate screen argument 2010-06-05 18:59:00 -07:00
Makefile.am DIST_SUBDIRS needs to include glamor, even if it isn't built 2014-02-13 15:25:56 -08:00
manpages.am Xorg: Add a suid root wrapper 2014-03-12 08:50:05 +01:00
README packaging: provide a default README file #24206 2010-01-27 14:00:17 -08:00
xorg-server.m4 macros: clarify documentation 2012-11-05 13:24:57 -06:00
xorg-server.pc.in xfree86: link modules against Xorg symbols on Cygwin 2012-04-05 21:57:07 -05:00
xserver.ent.in doc: relocate xserver.ent in the package root directory 2011-05-14 11:22:26 -07:00

README 

					X Server

The X server accepts requests from client applications to create windows,
which are (normally rectangular) "virtual screens" that the client program
can draw into.

Windows are then composed on the actual screen by the X server
(or by a separate composite manager) as directed by the window manager,
which usually communicates with the user via graphical controls such as buttons
and draggable titlebars and borders.

For a comprehensive overview of X Server and X Window System, consult the
following article:
http://en.wikipedia.org/wiki/X_server

All questions regarding this software should be directed at the
Xorg mailing list:

        http://lists.freedesktop.org/mailman/listinfo/xorg

Please submit bug reports to the Xorg bugzilla:

        https://bugs.freedesktop.org/enter_bug.cgi?product=xorg

The master development code repository can be found at:

        git://anongit.freedesktop.org/git/xorg/xserver

        http://cgit.freedesktop.org/xorg/xserver

For patch submission instructions, see:

	http://www.x.org/wiki/Development/Documentation/SubmittingPatches

For more information on the git code manager, see:

        http://wiki.x.org/wiki/GitPage