From 5da734cc5c1ae235cbb5a778ff0325702a6e79d1 Mon Sep 17 00:00:00 2001
From: Jon TURNEY
Date: Sat, 11 Jan 2014 16:17:31 +0000
Subject: Fix crash when a client exits without deleting GL contexts
Fix a crash due to use-after-free when a client exits without deleting all it's GL contexts On client exit, CloseDownClient first calls glxClientCallback() with ClientStateGone, which calls __glXFreeContext() directly. Subsequently CloseDownClient() frees all the clients resources, which leads to ContextGone() being called for a context resource where the context has already been freed. Fix this by modifiying glxClientCallback() to free the context resource. Also make __glXFreeContext() static, as calling it directly leads to this problem, instead the context resource should be released.
Signed-off-by: Jon TURNEY
---
 glx/glxext.c | 5 +++--
 glx/glxext.h | 1 -
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/glx/glxext.c b/glx/glxext.c
index f93642b0c..3fa7095ee 100644
--- a/glx/glxext.c
+++ b/glx/glxext.c
@@ -72,6 +72,7 @@ static DevPrivateKeyRec glxClientPrivateKeyRec;
 ** Forward declarations.
 */
 static int __glXDispatch(ClientPtr);
+static GLboolean __glXFreeContext(__GLXcontext * cx);
 /*
 ** Called when the extension is reset.
@@ -194,7 +195,7 @@ __glXRemoveFromContextList(__GLXcontext * cx)
 /*
 ** Free a context.
 */
-GLboolean
+static GLboolean
 __glXFreeContext(__GLXcontext * cx)
 {
 if (cx->idExists || cx->currentClient)
@@ -298,7 +299,7 @@ glxClientCallback(CallbackListPtr *list, pointer closure, pointer data)
 if (c->currentClient == pClient) {
 c->loseCurrent(c);
 c->currentClient = NULL;
- __glXFreeContext(c);
+ FreeResourceByType(c, __glXContextRes, FALSE);
 }
 }
diff --git a/glx/glxext.h b/glx/glxext.h
index 3f2dee696..cde0e1519 100644
--- a/glx/glxext.h
+++ b/glx/glxext.h
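Review bot: In the `glxClientCallback` hunk the new call passes the context pointer `c` as the first argument of `FreeResourceByType`, but in the X server resource API that argument is the resource XID, not the object. The lookup would then be keyed on an integer derived from a pointer, so the context resource would most likely never be found and the context would leak instead of being freed; in the unlucky case that the value matches another context's id, the wrong context would be freed. The call should name the context's resource id, presumably `FreeResourceByType(c->id, __glXContextRes, FALSE);` (confirm the field against `__GLXcontext`, which is not visible here). Separately, `__glXFreeContext` in the second hunk returns early while `cx->idExists` is set, whereas the new call drops the resource unconditionally, so it is worth confirming that a context this client made current but another client still holds by XID should lose its id here. The loop around this `if` starts and ends outside the hunk.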
@@ -51,7 +51,6 @@
 #define GLX_RGBA_UNSIGNED_FLOAT_TYPE_EXT 0x20B1
 #endif
-extern GLboolean __glXFreeContext(__GLXcontext * glxc);
 extern void __glXFlushContextCache(void);
 extern Bool __glXAddContext(__GLXcontext * cx);
-- cgit v1.2.3
From fadf220c47f889720f7a4bca9f0f6e1bab9b27be Mon Sep 17 00:00:00 2001
From: Jon TURNEY
Date: Sat, 11 Jan 2014 16:35:31 +0000
Subject: hw/xwin/glx: Don't create fbConfigs for un-accelerated pixelFormats
For some reason, glxinfo is now selecting an un-accelerated fbConfig, which leads to "GDI Generic" being reported as the renderer name. For the moment, just don't create fbConfigs for un-accelerated pixelFormats.
Signed-off-by: Jon TURNEY
---
 hw/xwin/glx/indirect.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/hw/xwin/glx/indirect.c b/hw/xwin/glx/indirect.c
index 3d01bed39..e8e75d534 100644
--- a/hw/xwin/glx/indirect.c
+++ b/hw/xwin/glx/indirect.c
@@ -1937,6 +1937,8 @@ glxWinCreateConfigs(HDC hdc, glxWinScreen * screen)
 /* EXT_visual_rating / GLX 1.2 */
 if (pfd.dwFlags & PFD_GENERIC_FORMAT) {
 c->base.visualRating = GLX_SLOW_VISUAL_EXT;
+ GLWIN_DEBUG_MSG("pixelFormat %d is un-accelerated, skipping", i + 1);
+ continue;
 }
 else {
 // PFD_GENERIC_ACCELERATED is not considered, so this may be MCD or ICD acclerated...
@@ -2277,6 +2279,8 @@ glxWinCreateConfigsExt(HDC hdc, glxWinScreen * screen)
 case WGL_NO_ACCELERATION_ARB:
 c->base.visualRating = GLX_SLOW_VISUAL_EXT;
+ GLWIN_DEBUG_MSG("pixelFormat %d is un-accelerated, skipping", i + 1);
+ continue;
 break;
 case WGL_GENERIC_ACCELERATION_ARB:
-- cgit v1.2.3
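Review bot: In both `indirect.c` hunks the store to `c->base.visualRating` immediately before the new `continue;` is now dead, and in `glxWinCreateConfigsExt` the `break;` that follows `continue;` is unreachable. Dropping them and adding a short comment such as `/* un-accelerated (GDI Generic) formats are deliberately not exposed as fbConfigs */` would make the skip read as intentional rather than as leftover code. Because the skip is reported only through `GLWIN_DEBUG_MSG`, it is also worth checking the case where every pixel format is un-accelerated: if the loops then produce no fbConfigs at all, the code after them, which is outside these hunks, has to cope with an empty list. Both loop bodies start and end outside the hunks.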