xorg-x11-server/U_xwayland-remove-dirty-window-unconditionally-on-unre.patch
Stefan Dirsch 683dd399a9 Accepting request 578983 from home:fcrozat:branches:X11:XOrg
- U_xwayland-Don-t-process-cursor-warping-without-an-xwl.patch,
  U_xwayland-Give-up-cleanly-on-Wayland-socket-errors.patch,
  U_xwayland-avoid-race-condition-on-new-keymap.patch,
  U_xwayland-remove-dirty-window-unconditionally-on-unre.patch:
  * Various crash and bug fixes in XWayland server (bgo#791383,
    bgo#790502).

OBS-URL: https://build.opensuse.org/request/show/578983
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=692
2018-02-22 12:53:53 +00:00

68 lines
2.4 KiB
Diff

From f6cd99ed79c17e3aa04b8821d10ca95939bd8675 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Wed, 24 Jan 2018 17:45:37 +0100
Subject: [PATCH] xwayland: remove dirty window unconditionally on unrealize
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is a rare occurrence of a crash in Xwayland for which I don't have
the reproducing steps, just a core file.
The backtrace looks as follow:
#0 raise () from /usr/lib64/libc.so.6
#1 abort () from /usr/lib64/libc.so.6
#2 OsAbort () at utils.c:1361
#3 AbortServer () at log.c:877
#4 FatalError () at log.c:1015
#5 OsSigHandler () at osinit.c:154
#6 <signal handler called>
#7 xwl_glamor_pixmap_get_wl_buffer () at xwayland-glamor.c:162
#8 xwl_screen_post_damage () at xwayland.c:514
#9 block_handler () at xwayland.c:665
#10 BlockHandler () at dixutils.c:388
#11 WaitForSomething () at WaitFor.c:219
#12 Dispatch () at dispatch.c:422
#13 dix_main () at main.c:287
The crash is caused by dereferencing “xwl_pixmap->buffer” in
xwl_glamor_pixmap_get_wl_buffer() because “xwl_pixmap” is NULL.
Reason for this is because the corresponding pixmap is from the root
window and xwayland is rootless by default.
This can happen if the window was mapped, redirected, damaged and
unredirected immediately, before the damage is processed by Xwayland.
Make sure to remove the dirty window from the damage list on unrealize
to prevent this from happening.
Credit goes to Adam Jackson <ajax@nwnk.net> and Daniel Stone
<daniel@fooishbar.org> for finding the root cause the issue.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
(cherry picked from commit 3362422e8413dd9f231cfac50ce0a0862525b1bf)
---
hw/xwayland/xwayland.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
index 939f3392c..0e7929715 100644
--- a/hw/xwayland/xwayland.c
+++ b/hw/xwayland/xwayland.c
@@ -454,8 +454,7 @@ xwl_unrealize_window(WindowPtr window)
return ret;
wl_surface_destroy(xwl_window->surface);
- if (RegionNotEmpty(DamageRegion(xwl_window->damage)))
- xorg_list_del(&xwl_window->link_damage);
+ xorg_list_del(&xwl_window->link_damage);
DamageUnregister(xwl_window->damage);
DamageDestroy(xwl_window->damage);
if (xwl_window->frame_callback)
--
2.16.1