e8295c5020
Xwayland creates and destroys the CRTC along with the Wayland outputs, so there is possibly a case where the number of CRTCs drops to 0.

However, `xwl_present_get_crtc()` always returns `crtcs[0]`, which is invalid when `numCrtcs` is 0.

That leads to a crash if a client queries the Present capabilities when there is no CRTC; the backtrace looks like:

    #0  raise() from libc.so
    #1  abort() from libc.so
    #2  OsAbort() at utils.c:1350
    #3  AbortServer() at log.c:879
    #4  FatalError() at log.c:1017
    #5  OsSigHandler() at osinit.c:156
    #6  OsSigHandler() at osinit.c:110
    #7  <signal handler called>
    #8  main_arena() from libc.so
    #9  proc_present_query_capabilities() at present_request.c:236
    #10 Dispatch() at dispatch.c:478
    #11 dix_main() at main.c:276

To avoid returning an invalid pointer (`crtcs[0]`) in that case, simply check for `numCrtcs` being 0 and return `NULL` in that case.

Thanks to Michel Dänzer <michel.daenzer@amd.com> for pointing this out as a possible cause of the crash.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Bugzilla: https://bugzilla.redhat.com/1609181
- .gitignore
- drm.xml
- Makefile.am
- meson.build
- xwayland-cursor.c
- xwayland-cvt.c
- xwayland-glamor-eglstream.c
- xwayland-glamor-gbm.c
- xwayland-glamor-xv.c
- xwayland-glamor.c
- xwayland-input.c
- xwayland-output.c
- xwayland-present.c
- xwayland-shm.c
- xwayland-vidmode.c
- xwayland.c
- xwayland.h