From 1a465fef9bc21142eecca3999f0761a3c0501a09 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Fri, 3 Aug 2012 16:41:45 +1000 Subject: pixmap: have slave pixmap take a reference on master pixmap Since the free routines free the master pixmap then the slave, we should be taking a reference when we bind them together. Fixes a use-after-free when resizing a primed gears. Signed-off-by: Dave Airlie Reviewed-by: Alex Deucher --- dix/pixmap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dix/pixmap.c b/dix/pixmap.c index 9163e99eb..241881262 100644 --- a/dix/pixmap.c +++ b/dix/pixmap.c @@ -148,6 +148,10 @@ PixmapPtr PixmapShareToSlave(PixmapPtr pixmap, ScreenPtr slave) pixmap->drawable.height, depth, 0, pixmap->devKind, NULL); + /* have the slave pixmap take a reference on the master pixmap + later we destroy them both at the same time */ + pixmap->refcnt++; + spix->master_pixmap = pixmap; ret = slave->SetSharedPixmapBacking(spix, handle); -- cgit v1.2.3 From 64623ef90db649e89345f71871affe7a9606f6ea Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Fri, 3 Aug 2012 16:42:44 +1000 Subject: dri2: free slave pixmap on app exit When the drawable disappears we need to free the prime master/slave combos. This fixes a leak after a prime app is run. Signed-off-by: Dave Airlie Reviewed-by: Alex Deucher --- hw/xfree86/dri2/dri2.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/xfree86/dri2/dri2.c b/hw/xfree86/dri2/dri2.c index 63feed51a..d60d8ba6c 100644 --- a/hw/xfree86/dri2/dri2.c +++ b/hw/xfree86/dri2/dri2.c @@ -409,6 +409,11 @@ DRI2DrawableGone(pointer p, XID id) dixSetPrivate(&pPixmap->devPrivates, dri2PixmapPrivateKey, NULL); } + if (pPriv->prime_slave_pixmap) { + (*pPriv->prime_slave_pixmap->master_pixmap->drawable.pScreen->DestroyPixmap)(pPriv->prime_slave_pixmap->master_pixmap); + (*pPriv->prime_slave_pixmap->drawable.pScreen->DestroyPixmap)(pPriv->prime_slave_pixmap); + } + if (pPriv->buffers != NULL) { for (i = 0; i < pPriv->bufferCount; i++) destroy_buffer(pDraw, pPriv->buffers[i], pPriv->prime_id); -- cgit v1.2.3 From ac09a4a091a43188241365152e1244fd8fd93ee7 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Fri, 3 Aug 2012 16:43:22 +1000 Subject: dri2: fix master pixmap free and reset pointer These are two minor changes, one to reset the pointer to NULL, after freeing the pixmaps, one to make sure we use the right API for the master pixmap, though I doubt it'll ever really matter. Signed-off-by: Dave Airlie Reviewed-by: Alex Deucher --- hw/xfree86/dri2/dri2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/xfree86/dri2/dri2.c b/hw/xfree86/dri2/dri2.c index d60d8ba6c..23f589cdc 100644 --- a/hw/xfree86/dri2/dri2.c +++ b/hw/xfree86/dri2/dri2.c @@ -816,8 +816,9 @@ DrawablePtr DRI2UpdatePrime(DrawablePtr pDraw, DRI2BufferPtr pDest) if (pPriv->prime_slave_pixmap->master_pixmap == mpix) return &pPriv->prime_slave_pixmap->drawable; else { - (*master->DestroyPixmap)(pPriv->prime_slave_pixmap->master_pixmap); + (*pPriv->prime_slave_pixmap->master_pixmap->drawable.pScreen->DestroyPixmap)(pPriv->prime_slave_pixmap->master_pixmap); (*slave->DestroyPixmap)(pPriv->prime_slave_pixmap); + pPriv->prime_slave_pixmap = NULL; } } -- cgit v1.2.3