|
 |
b6a310 |
From a604a0a26791e9f352aad27232127d729bca4334 Mon Sep 17 00:00:00 2001
|
|
|
b6a310 |
From: Erik Kurzinger <ekurzinger@nvidia.com>
|
|
|
b6a310 |
Date: Thu, 10 Dec 2020 14:24:32 -0800
|
|
|
b6a310 |
Subject: [PATCH xserver 26/27] glx: don't create implicit GLXWindow if one
|
|
|
b6a310 |
already exists
|
|
|
b6a310 |
|
|
|
b6a310 |
If a GLXMakeCurrent request specifies an X window as its drawable,
|
|
|
b6a310 |
__glXGetDrawable will implicitly create a GLXWindow for it. However,
|
|
|
b6a310 |
the client may have already explicitly created a GLXWindow for that X
|
|
|
b6a310 |
window. If that happens, two __glXDrawableRes resources will be added
|
|
|
b6a310 |
to the window.
|
|
|
b6a310 |
|
|
|
b6a310 |
If the explicitly-created GLXWindow is later destroyed by the client,
|
|
|
b6a310 |
DrawableGone will call FreeResourceByType on the X window, but this
|
|
|
b6a310 |
will actually free the resource for the implicitly-created GLXWindow,
|
|
|
b6a310 |
since that one would be at the head of the list.
|
|
|
b6a310 |
|
|
|
b6a310 |
Then if the X window is destroyed after that, the resource for the
|
|
|
b6a310 |
explicitly-created GLXWindow will be freed. But that GLXWindow was
|
|
|
b6a310 |
already destroyed above. This crashes the server when it tries to call
|
|
|
b6a310 |
the destroyed GLXWindow's destructor. It also means the
|
|
|
b6a310 |
implicitly-created GLXWindow would have been leaked since the
|
|
|
b6a310 |
FreeResourceByType call mentioned above skips calling the destructor.
|
|
|
b6a310 |
|
|
|
b6a310 |
To fix this, if __glXGetDrawable is given an X window, it should check
|
|
|
b6a310 |
if there is already a GLXWindow associated with it, and only create an
|
|
|
b6a310 |
implicit one if there is not.
|
|
|
b6a310 |
|
|
|
b6a310 |
Signed-off-by: Erik Kurzinger <ekurzinger@nvidia.com>
|
|
|
b6a310 |
Reviewed-by: Adam Jackson <ajax@redhat.com>
|
|
|
b6a310 |
(cherry picked from commit b7a85e44da91d1663d5b4eabac06327c92a80f91)
|
|
|
b6a310 |
---
|
|
|
b6a310 |
glx/glxcmds.c | 11 +++++++++--
|
|
|
b6a310 |
1 file changed, 9 insertions(+), 2 deletions(-)
|
|
|
b6a310 |
|
|
|
b6a310 |
diff --git a/glx/glxcmds.c b/glx/glxcmds.c
|
|
|
b6a310 |
index 37576b6ef..1b9ad6d14 100644
|
|
|
b6a310 |
--- a/glx/glxcmds.c
|
|
|
b6a310 |
+++ b/glx/glxcmds.c
|
|
|
b6a310 |
@@ -487,8 +487,15 @@ __glXGetDrawable(__GLXcontext * glxc, GLXDrawable drawId, ClientPtr client,
|
|
|
b6a310 |
__GLXscreen *pGlxScreen;
|
|
|
b6a310 |
int rc;
|
|
|
b6a310 |
|
|
|
b6a310 |
- if (validGlxDrawable(client, drawId, GLX_DRAWABLE_ANY,
|
|
|
b6a310 |
- DixWriteAccess, &pGlxDraw, &rc)) {
|
|
|
b6a310 |
+ rc = dixLookupResourceByType((void **)&pGlxDraw, drawId,
|
|
|
b6a310 |
+ __glXDrawableRes, client, DixWriteAccess);
|
|
|
b6a310 |
+ if (rc == Success &&
|
|
|
b6a310 |
+ /* If pGlxDraw->drawId == drawId, drawId is a valid GLX drawable.
|
|
|
b6a310 |
+ * Otherwise, if pGlxDraw->type == GLX_DRAWABLE_WINDOW, drawId is
|
|
|
b6a310 |
+ * an X window, but the client has already created a GLXWindow
|
|
|
b6a310 |
+ * associated with it, so we don't want to create another one. */
|
|
|
b6a310 |
+ (pGlxDraw->drawId == drawId ||
|
|
|
b6a310 |
+ pGlxDraw->type == GLX_DRAWABLE_WINDOW)) {
|
|
|
b6a310 |
if (glxc != NULL &&
|
|
|
b6a310 |
glxc->config != NULL &&
|
|
|
b6a310 |
glxc->config != pGlxDraw->config) {
|
|
|
b6a310 |
--
|
|
|
b6a310 |
2.31.1
|
|
|
b6a310 |
|