diff --git a/0001-Fix-a-segfault-in-wlEglCreatePlatformWindowSurfaceHo.patch b/0001-Fix-a-segfault-in-wlEglCreatePlatformWindowSurfaceHo.patch
new file mode 100644
index 0000000..c37fbcb
--- /dev/null
+++ b/0001-Fix-a-segfault-in-wlEglCreatePlatformWindowSurfaceHo.patch
@@ -0,0 +1,37 @@
+From c24fe0634f1f4f730ded955c69b20f1fc8b0a2d5 Mon Sep 17 00:00:00 2001
+From: Kyle Brenneman
+Date: Thu, 14 Nov 2024 12:37:11 -0700
+Subject: [PATCH 1/2] Fix a segfault in wlEglCreatePlatformWindowSurfaceHook
+
+In the error cleanup path in wlEglCreatePlatformWindowSurfaceHook, don't
+try to dereference the WlEglSurface if we never allocated it.
+---
+ src/wayland-eglsurface.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/wayland-eglsurface.c b/src/wayland-eglsurface.c
+index ae6cafc..16161f0 100644
+--- a/src/wayland-eglsurface.c
++++ b/src/wayland-eglsurface.c
+@@ -2843,15 +2843,14 @@ EGLSurface wlEglCreatePlatformWindowSurfaceHook(EGLDisplay dpy,
+ return surface;
+
+fail:
+- if (surface->drmSyncobjHandle) {
+- drmSyncobjDestroy(display->drmFd, surface->drmSyncobjHandle);
+- }
+-
+ if (drmSyncobjFd > 0) {
+ close(drmSyncobjFd);
+ }
+
+ if (surface) {
++ if (surface->drmSyncobjHandle) {
++ drmSyncobjDestroy(display->drmFd, surface->drmSyncobjHandle);
++ }
+ wlEglDestroySurface(display, surface);
+ }
+
+--
+2.43.0
+
diff --git a/0002-Check-for-a-duplicate-wl_surface-in-wlEglCreatePlatf.patch b/0002-Check-for-a-duplicate-wl_surface-in-wlEglCreatePlatf.patch
new file mode 100644
index 0000000..57b273a
--- /dev/null
+++ b/0002-Check-for-a-duplicate-wl_surface-in-wlEglCreatePlatf.patch
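Review bot: In the fail path of wlEglCreatePlatformWindowSurfaceHook, the `if (drmSyncobjFd > 0)` guard kept as context treats descriptor 0 as "not open", so a syncobj fd that happened to be 0 would never be closed. Whether that can occur depends on how `drmSyncobjFd` is initialised, which is outside this hunk; if the sentinel is -1 the guard should read `if (drmSyncobjFd >= 0)`. Separately, the handle destroyed inside the new `if (surface)` block is still set when `wlEglDestroySurface(display, surface)` runs, so it is worth confirming that function does not release it a second time, or clearing it with `surface->drmSyncobjHandle = 0;` right after `drmSyncobjDestroy`. The function body starts well before this hunk.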
@@ -0,0 +1,73 @@
+From eeb29e10e5e7bedb0ce81cfff34683eda960bc80 Mon Sep 17 00:00:00 2001
+From: Kyle Brenneman
+Date: Thu, 14 Nov 2024 12:40:45 -0700
+Subject: [PATCH 2/2] Check for a duplicate wl_surface in
+ wlEglCreatePlatformWindowSurfaceHook
+
+In wlEglCreatePlatformWindowSurfaceHook, check if there's already a
+EGLSurface that uses the same wl_surface object, and if so, fail with
+EGL_BAD_ALLOC.
+
+We've got a check (using the wl_egl_window::driver_private pointer) to
+catch if the app tries to create multiple EGLSurfaces from the same
+wl_egl_window. But, an app could still call wl_egl_window_create
+multiple times, which would give it multiple wl_egl_window structs for
+the same wl_surface.
+---
+ src/wayland-eglsurface.c | 25 ++++++++++++++++++++++---
+ 1 file changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/src/wayland-eglsurface.c b/src/wayland-eglsurface.c
+index 16161f0..72c0863 100644
+--- a/src/wayland-eglsurface.c
++++ b/src/wayland-eglsurface.c
+@@ -2652,7 +2652,10 @@ EGLSurface wlEglCreatePlatformWindowSurfaceHook(EGLDisplay dpy,
+ WlEglDisplay *display = wlEglAcquireDisplay(dpy);
+ WlEglPlatformData *data = NULL;
+ WlEglSurface *surface = NULL;
++ WlEglSurface *existingSurf = NULL;
+ struct wl_egl_window *window = (struct wl_egl_window *)nativeWin;
++ struct wl_surface *wsurf = NULL;
++ long int wver = 0;
+ EGLBoolean res = EGL_FALSE;
+ EGLint err = EGL_SUCCESS;
+ EGLint surfType;
+@@ -2683,6 +2686,23 @@ EGLSurface wlEglCreatePlatformWindowSurfaceHook(EGLDisplay dpy,
+ goto fail;
+ }
+
++ getWlEglWindowVersionAndSurface(window, &wver, &wsurf);
++ if (wsurf == NULL) {
++ err = EGL_BAD_ALLOC;
++ goto fail;
++ }
++
++ // Make sure that we don't have any existing EGLSurfaces for this
++ // wl_surface. The driver_private check above isn't sufficient for this: If
++ // the app calls wl_egl_window_create more than once on the same
++ // wl_surface, then it would get multiple wl_egl_window structs.
++ wl_list_for_each(existingSurf, &display->wlEglSurfaceList, link) {
++ if (existingSurf->wlSurface == wsurf) {
++ err = EGL_BAD_ALLOC;
++ goto fail;
++ }
++ }
++
+ res = data->egl.getConfigAttrib(dpy, config, EGL_SURFACE_TYPE, &surfType);
+
+ if (!res || !(surfType & EGL_STREAM_BIT_KHR)) {
+@@ -2757,9 +2777,8 @@ EGLSurface wlEglCreatePlatformWindowSurfaceHook(EGLDisplay dpy,
+ // Create per surface wayland queue
+ surface->wlEventQueue = wl_display_create_queue(display->nativeDpy);
+
+- getWlEglWindowVersionAndSurface(window,
+- &surface->wlEglWinVer,
+- &surface->wlSurface);
++ surface->wlEglWinVer = wver;
++ surface->wlSurface = wsurf;
+
+ err = assignWlEglSurfaceAttribs(surface, attribs);
+ if (err != EGL_SUCCESS) {
+--
+2.43.0
+
diff --git a/libnvidia-egl-wayland.changes b/libnvidia-egl-wayland.changes
index 895d879..bfaf0bb 100644
--- a/libnvidia-egl-wayland.changes
+++ b/libnvidia-egl-wayland.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Dec 6 13:44:48 UTC 2024 - Stefan Dirsch
+
+- 0001-Fix-a-segfault-in-wlEglCreatePlatformWindowSurfaceHo.patch
+ 0002-Check-for-a-duplicate-wl_surface-in-wlEglCreatePlatf.patch
+ * apply latest fixes from git (jsc#PED-11284)
+
 -------------------------------------------------------------------
 Wed Nov 6 15:53:40 UTC 2024 - Stefan Dirsch
diff --git a/libnvidia-egl-wayland.spec b/libnvidia-egl-wayland.spec
index 05ecaea..cd41d30 100644
--- a/libnvidia-egl-wayland.spec
+++ b/libnvidia-egl-wayland.spec
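Review bot: The new `wl_list_for_each` walk over `display->wlEglSurfaceList` in wlEglCreatePlatformWindowSurfaceHook (patch 0002) shows no locking in the visible hunks, and the surface is only linked into that list later in the function, outside these lines. If the lock that guards the list is not held from this check through the insertion, two threads creating surfaces for the same `wl_surface` could both pass the check, so the check and the insert need to sit in one critical section; a comment at the loop such as `// list lock held from here until the surface is linked into wlEglSurfaceList` would record that assumption. Also, a NULL `wsurf` means the native window supplied by the caller is unusable, which `err = EGL_BAD_NATIVE_WINDOW;` describes more accurately than `EGL_BAD_ALLOC`. The function begins and ends outside these hunks.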
@@ -40,6 +40,8 @@ Patch9: 0009-egl-wayland-Fix-roundtrip-eating-wl_drm-events-in-ge.patch
 Patch11: 0001-egl-wayland-enable-CI-with-github-actions.patch
 Patch12: 0002-egl-wayland-Fix-use-after-free-in-library-teardown.patch
 Patch13: 0003-egl-wayland-Handle-failure-to-acquire-image-in-wlEgl.patch
+Patch21: 0001-Fix-a-segfault-in-wlEglCreatePlatformWindowSurfaceHo.patch
+Patch22: 0002-Check-for-a-duplicate-wl_surface-in-wlEglCreatePlatf.patch
 BuildRequires: gcc-c++
 BuildRequires: meson >= 0.50
 BuildRequires: ninja