From 855003c333a0ead1db912695bc9705ef2b3144b4 Mon Sep 17 00:00:00 2001 From: Keith Packard Date: Thu, 21 Jun 2012 18:45:18 -0700 Subject: randr: Catch two more potential unset rrScrPriv uses Ricardo Salveti found one place where the randr code could use the randr screen private data without checking for null first. This happens when the X server is running with multiple screens, some of which are randr enabled and some of which are not. Applications making protocol requests to the non-randr screens can cause segfaults where the server touches the unset private structure. I audited the code and found two more possible problem spots; the trick to auditing for this issue was to look for functions not taking a RandR data structure and where there was no null screen private check above them in the call graph. Signed-off-by: Keith Packard
---
randr/rroutput.c | 3 ++- randr/rrscreen.c | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'randr')
diff --git a/randr/rroutput.c b/randr/rroutput.c
index 091e06b8a..fbd0e32b3 100644
--- a/randr/rroutput.c
+++ b/randr/rroutput.c
@@ -546,7 +546,8 @@ ProcRRSetOutputPrimary(ClientPtr client)
 }
 pScrPriv = rrGetScrPriv(pWin->drawable.pScreen);
- RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
+ if (pScrPriv)
+ RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
 return Success;
 }
diff --git a/randr/rrscreen.c b/randr/rrscreen.c
index f570afaf4..55110e088 100644
--- a/randr/rrscreen.c
+++ b/randr/rrscreen.c
@@ -248,6 +248,9 @@ ProcRRSetScreenSize(ClientPtr client)
 pScreen = pWin->drawable.pScreen;
 pScrPriv = rrGetScrPriv(pScreen);
+ if (!pScrPriv)
+ return BadMatch;
+
 if (stuff->width < pScrPriv->minWidth || pScrPriv->maxWidth < stuff->width) {
 client->errorValue = stuff->width;
 return BadValue;
--
cgit v1.2.3
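Review bot: In ProcRRSetOutputPrimary the new `if (pScrPriv)` guard skips the call but the handler still falls through to `return Success;`, so a client addressing a non-RandR screen is told the primary output was set when nothing happened. The second hunk (ProcRRSetScreenSize) answers the same condition with `BadMatch`. Unless the silent no-op is deliberate for protocol compatibility, the two handlers should agree, e.g. `if (!pScrPriv) return BadMatch;` ahead of the call. If it is deliberate, a comment such as `/* non-RandR screen: nothing to set, request is a no-op */` would keep the guard from reading as an oversight. The function body starts outside the hunk, so any earlier validation of `output` is not visible here.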
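Review bot: The early `return BadMatch;` in ProcRRSetScreenSize has no comment saying when `rrGetScrPriv()` yields NULL, and the reason given in the commit message (a multi-screen server where this screen is not RandR-enabled) cannot be derived from the code. This guard is what stops a client request from dereferencing the unset private in the width check directly below, so I would add `/* screen is not RandR-enabled: no private to validate against */` above it. The function continues past the hunk, and any later use of `pScrPriv` there presumably relies on this single check.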