xserver-multidpi/dix
Keith Packard 6e3e559e9f dix: reset pScreen->root to NULL when root window is deleted.
From: Dave Airlie <airlied@linux.ie>

We were seeing a crash in the FreeAllResources codepath;
running valgrind revealed this:

==12536== Invalid read of size 4
==12536==    at 0x810BCAB: DeliverPropertyEvent (rrproperty.c:33)
==12536==    by 0x80958A4: TraverseTree (window.c:227)
==12536==    by 0x809593E: WalkTree (window.c:255)
==12536==    by 0x810BC66: RRDeliverPropertyEvent (rrproperty.c:53)
==12536==    by 0x810BD5D: RRDeleteProperty.clone.0 (rrproperty.c:76)
==12536==    by 0x810BD98: RRDeleteAllOutputProperties (rrproperty.c:88)
==12536==    by 0x810A36E: RROutputDestroyResource (rroutput.c:407)
==12536==    by 0x808DF4E: FreeClientResources (resource.c:859)
==12536==    by 0x808E005: FreeAllResources (resource.c:876)
==12536==    by 0x8062300: main (main.c:305)
==12536==  Address 0x46ba8ac is 4 bytes inside a block of size 164 free'd
==12536==    at 0x40057F6: free (vg_replace_malloc.c:325)
==12536==    by 0x8087F1F: _dixFreeObjectWithPrivates (privates.c:357)
==12536==    by 0x809832A: DeleteWindow (window.c:926)
==12536==    by 0x808DF4E: FreeClientResources (resource.c:859)
==12536==    by 0x808E005: FreeAllResources (resource.c:876)
==12536==    by 0x8062300: main (main.c:305)

It's a use after free on the root window, since we have already deleted it
at this point. This patch checks if the window we are destroying is the root
window and resets the pointer to NULL if it is.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Tested-by: Dave Airlie <airlied@redhat.com>
2010-08-16 11:50:22 -07:00
.gitignore .gitignore: use common defaults with custom section #24239 2009-11-11 21:40:20 -08:00
atom.c Misc coding style cleanup 2010-05-13 06:16:48 +07:00
buildatoms XFree86 4.3.0.1 2003-11-14 16:49:22 +00:00
BuiltInAtoms R6.6 is the Xorg base-line 2003-11-14 15:54:54 +00:00
colormap.c Remove unnecessary parentheses around return values in functions 2010-06-10 06:42:42 -07:00
cursor.c Remove unnecessary parentheses around return values in functions 2010-06-10 06:42:42 -07:00
deprecated.c dix: remove dixLookupResource - we don't have any users left. 2009-09-07 10:51:16 +10:00
devices.c Stop checking or calling PtrCtrlProcs 2010-08-13 15:24:51 +10:00
dispatch.c Remove unnecessary parentheses around return values in functions 2010-06-10 06:42:42 -07:00
dispatch.h Remove RCS tags. Fix Xprint makefile braindamage. 2006-07-21 17:56:00 -04:00
dixfonts.c fonts: Fix refcounting for asynchronous font operations (#3040) 2010-08-09 21:31:41 -07:00
dixutils.c Remove unnecessary parentheses around return values in functions 2010-06-10 06:42:42 -07:00
enterleave.c dix: hack around enter/leave event issues for grabbed devices (#27804) 2010-07-21 08:11:27 +10:00
enterleave.h dix: call SetFocusOut and LeaveWindow when disabling a device. 2009-08-03 10:11:48 +10:00
eventconvert.c Replace X-allocation functions with their C89 counterparts 2010-05-13 00:22:37 +07:00
events.c dix: purge leftover manual key down bit setting. 2010-07-07 13:29:46 +10:00
extension.c Remove unnecessary parentheses around return values in functions 2010-06-10 06:42:42 -07:00
ffs.c Rework symbol visibility for easier maintenance 2008-12-03 05:43:34 -02:00
gc.c Remove unnecessary parentheses around return values in functions 2010-06-10 06:42:42 -07:00
getevents.c xkb: post-fix PointerKeys button events with a DeviceChangedEvent. 2010-08-13 11:07:13 +10:00
globals.c Change the devPrivates API to require dixRegisterPrivateKey 2010-06-05 19:23:03 -07:00
glyphcurs.c Replace dixChangeGC with calls directly to the right variant. 2010-05-13 17:14:07 -07:00
grabs.c Remove more superfluous if(p) checks around free(p) 2010-06-06 20:27:18 +07:00
initatoms.c Rework symbol visibility for easier maintenance 2008-12-03 05:43:34 -02:00
inpututils.c xfree86: Match devices based on USB ID 2010-06-11 09:30:33 +10:00
main.c Initialize dev privates before using any 2010-06-30 12:25:08 -04:00
Makefile.am Move mi/miregion.c to dix/region.c 2010-06-05 17:48:20 -07:00
pixmap.c Change the devPrivates API to require dixRegisterPrivateKey 2010-06-05 19:23:03 -07:00
privates.c Add dixCreatePrivateKey API 2010-06-05 19:31:37 -07:00
property.c Remove unnecessary parentheses around return values in functions 2010-06-10 06:42:42 -07:00
protocol.txt Add DRI2 requests to protocol.txt 2009-08-28 23:29:05 -04:00
ptrveloc.c Remove unnecessary parentheses around return values in functions 2010-06-10 06:42:42 -07:00
region.c Remove unnecessary parentheses around return values in functions 2010-06-10 06:42:42 -07:00
registry.c Replace X-allocation functions with their C89 counterparts 2010-05-13 00:22:37 +07:00
resource.c Remove unnecessary parentheses around return values in functions 2010-06-10 06:42:42 -07:00
selection.c Change the devPrivates API to require dixRegisterPrivateKey 2010-06-05 19:23:03 -07:00
swaprep.c Replace X-allocation functions with their C89 counterparts 2010-05-13 00:22:37 +07:00
swapreq.c Remove unnecessary parentheses around return values in functions 2010-06-10 06:42:42 -07:00
tables.c Remove #define NEED_EVENTS and NEED_REPLIES 2008-12-12 11:43:32 +10:00
window.c dix: reset pScreen->root to NULL when root window is deleted. 2010-08-16 11:50:22 -07:00
Xserver-dtrace.h.in Update Sun license notices to current X.Org standard form 2009-12-16 17:11:35 -08:00
Xserver.d Update Sun license notices to current X.Org standard form 2009-12-16 17:11:35 -08:00