summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOlivier Fourdan <ofourdan@redhat.com>2020-09-14 15:39:10 +0200
committerAdam Jackson <ajax@nwnk.net>2020-09-22 19:23:52 +0000
commita5f439dcd21b4fda093cb382bb1a758b434a1444 (patch)
tree360169edd28ede62ddfe7d8a352e0abbe14acd7a
parent0b86c0c36241989d7e9662d007c5297fe22ae8b5 (diff)
xwayland: Remove pending stream reference when freeing
The EGLStream backend keeps a queue of pending streams for each Xwayland window. However, when this pending queue is freed, the corresponding private data may not be cleared (typically if the pixmap for this window has changed before the compositor finished attaching the consumer for the window's pixmap's original eglstream), leading to a use-after-free and a crash when trying to use that data as the window pixmap. Make sure to clear the private data when the pending stream is freed. Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1055 Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> Tested-by: Karol Szuster <karolsz9898@gmail.com> Reviewed-by: Adam Jackson <ajax@redhat.com>
-rw-r--r--hw/xwayland/xwayland-glamor-eglstream.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/xwayland/xwayland-glamor-eglstream.c b/hw/xwayland/xwayland-glamor-eglstream.c
index ee7f95b56..2821f9a58 100644
--- a/hw/xwayland/xwayland-glamor-eglstream.c
+++ b/hw/xwayland/xwayland-glamor-eglstream.c
@@ -437,8 +437,8 @@ xwl_eglstream_consumer_ready_callback(void *data,
DebugF("eglstream: win %d completes eglstream for pixmap %p, congrats!\n",
pending->window->drawable.id, pending->pixmap);
- xwl_eglstream_window_set_pending(pending->window, NULL);
out:
+ xwl_eglstream_window_set_pending(pending->window, NULL);
xorg_list_del(&pending->link);
free(pending);
}