Based on the original patch by Chris Wilson, which was a better fix than mine.
We stash a copy of the desiredMode on the crtc so that we can restore it
after a vt switch. This copy is a simple memcpy and so also stashes a
references to the pointers contained within the desiredMode. Those
pointers are freed the next time the outputs are probed and mode list
rebuilt, resulting in us chasing those dangling pointers on the next
mode switch.
==22787== Invalid read of size 1
==22787== at 0x40293C2: __GI_strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22787== by 0x668F875: strdup (strdup.c:42)
==22787== by 0x5DBA00: XNFstrdup (utils.c:1124)
==22787== by 0x4D72ED: xf86DuplicateMode (xf86Modes.c:209)
==22787== by 0x4CA848: xf86CrtcSetModeTransform (xf86Crtc.c:276)
==22787== by 0x4D05B4: xf86SetDesiredModes (xf86Crtc.c:2677)
==22787== by 0xA7479D0: sna_create_screen_resources
(sna_driver.c:220)
==22787== by 0x4CB914: xf86CrtcCreateScreenResources (xf86Crtc.c:725)
==22787== by 0x425498: main (main.c:216)
==22787== Address 0x72c60e0 is 0 bytes inside a block of size 9 free'd
==22787== at 0x4027AAE: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22787== by 0x4A547E: xf86DeleteMode (xf86Mode.c:1984)
==22787== by 0x4CD84F: xf86ProbeOutputModes (xf86Crtc.c:1578)
==22787== by 0x4DC405: xf86RandR12GetInfo12 (xf86RandR12.c:1537)
==22787== by 0x518119: RRGetInfo (rrinfo.c:202)
==22787== by 0x51D997: rrGetScreenResources (rrscreen.c:335)
==22787== by 0x51E0D0: ProcRRGetScreenResources (rrscreen.c:475)
==22787== by 0x513852: ProcRRDispatch (randr.c:493)
==22787== by 0x4346DB: Dispatch (dispatch.c:439)
==22787== by 0x4256E4: main (main.c:287)
Signed-off-by: Maarten Lankhorst <maarten.lankhorst@canonical.com>
Reported-by: Zdenek Kabelac <zdenek.kabelac@gmail.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=36108
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Keith Packard <keithp@keithp.com>
deb08658e2