glx: Fix use after free in MakeCurrent

The fix from commit c468d34c7 - "glx: Set ContextTag for all contexts" is actually incomplete, it correctly sets the context tag for direct contexts as well, but would fail to mark the context's currentClient. As a result, when the context is destroyed, it would be freed immediately rather than being just scheduled for deletion, even though it is still current for some client. leading to a use-after-free. Make sure to also set the context's currentClient for direct contexts as well, not just indirect ones. Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> Fixes: c468d34c7 - "glx: Set ContextTag for all contexts" Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1186 Reviewed-by: Adam Jackson <ajax@redhat.com>
author: Olivier Fourdan <ofourdan@redhat.com> 2021-06-18 14:52:55 +0200
committer: Olivier Fourdan <ofourdan@redhat.com> 2021-06-21 08:39:38 +0200
commit: aad61e8e03311eb8bae4f7db59e65634733eadc2 (patch)
tree: faa708d171ce6a768bc46e13baa16aae4b8ab246 /glx
parent: 021b3c2f778e718338f232b94880fc3ae9092085 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/glx/glxcmds.c b/glx/glxcmds.c
index 3f1bb9a71..fc26a2e34 100644
--- a/glx/glxcmds.c
+++ b/glx/glxcmds.c
@@ -662,11 +662,11 @@ xorgGlxMakeCurrent(ClientPtr client, GLXContextTag tag, XID drawId, XID readId,
             glxc->readPriv = NULL;
             return __glXError(GLXBadContext);
         }
-
-        glxc->currentClient = client;
     }
 
     glxServer.setContextTagPrivate(client, newContextTag, glxc);
+    if (glxc)
+        glxc->currentClient = client;
 
     if (prevglxc) {
         prevglxc->currentClient = NULL;
author	Olivier Fourdan <ofourdan@redhat.com>	2021-06-18 14:52:55 +0200
committer	Olivier Fourdan <ofourdan@redhat.com>	2021-06-21 08:39:38 +0200
commit	aad61e8e03311eb8bae4f7db59e65634733eadc2 (patch)
tree	faa708d171ce6a768bc46e13baa16aae4b8ab246 /glx
parent	021b3c2f778e718338f232b94880fc3ae9092085 (diff)