Stefan Dirsch
683dd399a9
- U_xwayland-Don-t-process-cursor-warping-without-an-xwl.patch, U_xwayland-Give-up-cleanly-on-Wayland-socket-errors.patch, U_xwayland-avoid-race-condition-on-new-keymap.patch, U_xwayland-remove-dirty-window-unconditionally-on-unre.patch: * Various crash and bug fixes in XWayland server (bgo#791383, bgo#790502). OBS-URL: https://build.opensuse.org/request/show/578983 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=692
68 lines
2.4 KiB
Diff
68 lines
2.4 KiB
Diff
From f6cd99ed79c17e3aa04b8821d10ca95939bd8675 Mon Sep 17 00:00:00 2001
|
|
From: Olivier Fourdan <ofourdan@redhat.com>
|
|
Date: Wed, 24 Jan 2018 17:45:37 +0100
|
|
Subject: [PATCH] xwayland: remove dirty window unconditionally on unrealize
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
This is a rare occurrence of a crash in Xwayland for which I don't have
|
|
the reproducing steps, just a core file.
|
|
|
|
The backtrace looks as follow:
|
|
|
|
#0 raise () from /usr/lib64/libc.so.6
|
|
#1 abort () from /usr/lib64/libc.so.6
|
|
#2 OsAbort () at utils.c:1361
|
|
#3 AbortServer () at log.c:877
|
|
#4 FatalError () at log.c:1015
|
|
#5 OsSigHandler () at osinit.c:154
|
|
#6 <signal handler called>
|
|
#7 xwl_glamor_pixmap_get_wl_buffer () at xwayland-glamor.c:162
|
|
#8 xwl_screen_post_damage () at xwayland.c:514
|
|
#9 block_handler () at xwayland.c:665
|
|
#10 BlockHandler () at dixutils.c:388
|
|
#11 WaitForSomething () at WaitFor.c:219
|
|
#12 Dispatch () at dispatch.c:422
|
|
#13 dix_main () at main.c:287
|
|
|
|
The crash is caused by dereferencing “xwl_pixmap->buffer” in
|
|
xwl_glamor_pixmap_get_wl_buffer() because “xwl_pixmap” is NULL.
|
|
|
|
Reason for this is because the corresponding pixmap is from the root
|
|
window and xwayland is rootless by default.
|
|
|
|
This can happen if the window was mapped, redirected, damaged and
|
|
unredirected immediately, before the damage is processed by Xwayland.
|
|
|
|
Make sure to remove the dirty window from the damage list on unrealize
|
|
to prevent this from happening.
|
|
|
|
Credit goes to Adam Jackson <ajax@nwnk.net> and Daniel Stone
|
|
<daniel@fooishbar.org> for finding the root cause the issue.
|
|
|
|
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|
|
Reviewed-by: Daniel Stone <daniels@collabora.com>
|
|
(cherry picked from commit 3362422e8413dd9f231cfac50ce0a0862525b1bf)
|
|
---
|
|
hw/xwayland/xwayland.c | 3 +--
|
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
|
|
|
diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
|
|
index 939f3392c..0e7929715 100644
|
|
--- a/hw/xwayland/xwayland.c
|
|
+++ b/hw/xwayland/xwayland.c
|
|
@@ -454,8 +454,7 @@ xwl_unrealize_window(WindowPtr window)
|
|
return ret;
|
|
|
|
wl_surface_destroy(xwl_window->surface);
|
|
- if (RegionNotEmpty(DamageRegion(xwl_window->damage)))
|
|
- xorg_list_del(&xwl_window->link_damage);
|
|
+ xorg_list_del(&xwl_window->link_damage);
|
|
DamageUnregister(xwl_window->damage);
|
|
DamageDestroy(xwl_window->damage);
|
|
if (xwl_window->frame_callback)
|
|
--
|
|
2.16.1
|
|
|