Fix a segfault that occurs if xorg.conf.d is absent:

In InitOutput, if xf86HandleConfigFile returns CONFIG_NOFILE
(which it does if no config file or directory is present), the
autoconfig flag is set, causing xf86AutoConfig to be called
later on.

xf86AutoConfig calls xf86OutputClassDriverList via the
call tree:

xf86AutoConfig =>
  listPossibleVideoDrivers =>
    xf86PlatformMatchDriver =>
      xf86OutputClassDriverList

and xf86OutputClassDriverList attempts to traverse a linked list
that is a member of the XF86ConfigRec struct pointed to by the
global xf86configptr, which is NULL at this point because the
XF86ConfigRec struct is only allocated (by xf86readConfigFile)
AFTER the config file and directory have been successfully
opened; the CONFIG_NOFILE return from xf86HandleConfigFile
occurs BEFORE the call to xf86readConfigFile which allocates
the XF86ConfigRec struct.

Rx: In read.c (for symmetry with xf86freeConfig, which already
appears in this file), add a new function xf86allocateConfig
which tests the value of xf86configptr and, if it's NULL,
allocates the XF86ConfigRec struct and deposits the pointer
in xf86configptr.  In xf86Parser.h, add a prototype for the
new xf86allocateConfig function.

Back in read.c, #include "xf86Config.h".  In xf86readConfigFile,
change the open-code call to calloc to a call to the new
xf86allocateConfig function.

In xf86AutoConfig.c, add a call to the new xf86allocateConfig function
to the beginning of xf86AutoConfig to make sure the XF86ConfigRec struct
is allocated.

Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Ben Crocker <bcrocker@redhat.com>
(cherry picked from commit 8b335d9068fe4e1f1423a4d86c22b69ffcb819a5)

3 files changed, 25 insertions, 1 deletions

diff --git a/hw/xfree86/common/xf86AutoConfig.c b/hw/xfree86/common/xf86AutoConfig.c
index 940265144..c3e17beb7 100644
--- a/hw/xfree86/common/xf86AutoConfig.c
+++ b/hw/xfree86/common/xf86AutoConfig.c
@@ -149,6 +149,15 @@ xf86AutoConfig(void)
     char buf[1024];
     ConfigStatus ret;
 
+    /* Make sure config rec is there */
+    if (xf86allocateConfig() != NULL) {
+        ret = CONFIG_OK;    /* OK so far */
+    }
+    else {
+        xf86Msg(X_ERROR, "Couldn't allocate Config record.\n");
+        return FALSE;
+    }
+
     listPossibleVideoDrivers(deviceList, 20);
 
     for (p = deviceList; *p; p++) {
diff --git a/hw/xfree86/parser/read.c b/hw/xfree86/parser/read.c
index ec038aeb1..d7e731217 100644
--- a/hw/xfree86/parser/read.c
+++ b/hw/xfree86/parser/read.c
@@ -56,6 +56,7 @@
 #include <xorg-config.h>
 #endif
 
+#include "xf86Config.h"
 #include "xf86Parser.h"
 #include "xf86tokens.h"
 #include "Configint.h"
@@ -91,7 +92,7 @@ xf86readConfigFile(void)
     int token;
     XF86ConfigPtr ptr = NULL;
 
-    if ((ptr = calloc(1, sizeof(XF86ConfigRec))) == NULL) {
+    if ((ptr = xf86allocateConfig()) == NULL) {
         return NULL;
     }
 
@@ -270,6 +271,19 @@ xf86itemNotSublist(GenericListPtr list_1, GenericListPtr list_2)
     return (!(last_1 == last_2));
 }
 
+/*
+ * Conditionally allocate config struct, but only allocate it
+ * if it's not already there.  In either event, return the pointer
+ * to the global config struct.
+ */
+XF86ConfigPtr xf86allocateConfig(void)
+{
+    if (!xf86configptr) {
+        xf86configptr = calloc(1, sizeof(XF86ConfigRec));
+    }
+    return xf86configptr;
+}
+
 void
 xf86freeConfig(XF86ConfigPtr p)
 {
diff --git a/hw/xfree86/parser/xf86Parser.h b/hw/xfree86/parser/xf86Parser.h
index ff35846e9..9c4b40370 100644
--- a/hw/xfree86/parser/xf86Parser.h
+++ b/hw/xfree86/parser/xf86Parser.h
@@ -449,6 +449,7 @@ extern char *xf86openConfigDirFiles(const char *path, const char *cmdline,
 extern void xf86setBuiltinConfig(const char *config[]);
 extern XF86ConfigPtr xf86readConfigFile(void);
 extern void xf86closeConfigFile(void);
+extern XF86ConfigPtr xf86allocateConfig(void);
 extern void xf86freeConfig(XF86ConfigPtr p);
 extern int xf86writeConfigFile(const char *, XF86ConfigPtr);
 extern _X_EXPORT XF86ConfDevicePtr xf86findDevice(const char *ident,