diff --git a/u_0012-glx_Free_reference_to_destroyed_GLX_drawable.patch b/u_0012-glx_Free_reference_to_destroyed_GLX_drawable.patch new file mode 100644 index 0000000..3ffe8db --- /dev/null +++ b/u_0012-glx_Free_reference_to_destroyed_GLX_drawable.patch @@ -0,0 +1,47 @@ +From a2d0829531249e24dbca25fc20ed30a2bb2d8ed8 Mon Sep 17 00:00:00 2001 +From: Michel Dänzer +Date: Thu, 12 Jul 2012 11:16:37 +0000 +Subject: glx: Free DRI2 drawable reference to destroyed GLX drawable. + +Otherwise the reference can lead to use after free in +__glXDRIinvalidateBuffers(). + +Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=50019 + +Signed-off-by: Michel Dänzer +Reviewed-by: Kristian Høgsberg +Signed-off-by: Keith Packard +--- +Index: xorg-server-1.12.3/glx/glxdri2.c +=================================================================== +--- xorg-server-1.12.3.orig/glx/glxdri2.c ++++ xorg-server-1.12.3/glx/glxdri2.c +@@ -96,6 +96,7 @@ struct __GLXDRIdrawable { + int height; + __DRIbuffer buffers[MAX_DRAWABLE_BUFFERS]; + int count; ++ XID dri2_id; + }; + + static void +@@ -104,6 +105,8 @@ __glXDRIdrawableDestroy(__GLXdrawable * + __GLXDRIdrawable *private = (__GLXDRIdrawable *) drawable; + const __DRIcoreExtension *core = private->screen->core; + ++ FreeResource(private->dri2_id, FALSE); ++ + (*core->destroyDrawable) (private->driDrawable); + + __glXDrawableRelease(drawable); +@@ -597,8 +600,9 @@ __glXDRIscreenCreateDrawable(ClientPtr c + private->base.waitGL = __glXDRIdrawableWaitGL; + private->base.waitX = __glXDRIdrawableWaitX; + +- if (DRI2CreateDrawable(client, pDraw, drawId, +- __glXDRIinvalidateBuffers, private)) { ++ if (DRI2CreateDrawable2(client, pDraw, drawId, ++ __glXDRIinvalidateBuffers, private, ++ &private->dri2_id)) { + free(private); + return NULL; + } diff --git a/u_dri2_add_DRI2CreateDrawable2.patch b/u_dri2_add_DRI2CreateDrawable2.patch new file mode 100644 index 0000000..429f2c1 --- /dev/null +++ b/u_dri2_add_DRI2CreateDrawable2.patch @@ -0,0 +1,66 @@ +From 8a87acc9e57be740e3bd252567622246051a0723 Mon Sep 17 00:00:00 2001 +From: Michel Dänzer +Date: Thu, 12 Jul 2012 11:16:36 +0000 +Subject: dri2: Add DRI2CreateDrawable2. + +Same as DRI2CreateDrawable, except it can return the DRI2 specific XID of the +DRI2 drawable reference to the base drawable. + +Signed-off-by: Michel Dänzer +Reviewed-by: Kristian Høgsberg +Signed-off-by: Keith Packard +--- +Index: xorg-server-1.12.3/hw/xfree86/dri2/dri2.c +=================================================================== +--- xorg-server-1.12.3.orig/hw/xfree86/dri2/dri2.c ++++ xorg-server-1.12.3/hw/xfree86/dri2/dri2.c +@@ -280,8 +280,9 @@ DRI2AddDrawableRef(DRI2DrawablePtr pPriv + } + + int +-DRI2CreateDrawable(ClientPtr client, DrawablePtr pDraw, XID id, +- DRI2InvalidateProcPtr invalidate, void *priv) ++DRI2CreateDrawable2(ClientPtr client, DrawablePtr pDraw, XID id, ++ DRI2InvalidateProcPtr invalidate, void *priv, ++ XID *dri2_id_out) + { + DRI2DrawablePtr pPriv; + XID dri2_id; +@@ -298,9 +299,19 @@ DRI2CreateDrawable(ClientPtr client, Dra + if (rc != Success) + return rc; + ++ if (dri2_id_out) ++ *dri2_id_out = dri2_id; ++ + return Success; + } + ++int ++DRI2CreateDrawable(ClientPtr client, DrawablePtr pDraw, XID id, ++ DRI2InvalidateProcPtr invalidate, void *priv) ++{ ++ return DRI2CreateDrawable2(client, pDraw, id, invalidate, priv, NULL); ++} ++ + static int + DRI2DrawableGone(pointer p, XID id) + { +Index: xorg-server-1.12.3/hw/xfree86/dri2/dri2.h +=================================================================== +--- xorg-server-1.12.3.orig/hw/xfree86/dri2/dri2.h ++++ xorg-server-1.12.3/hw/xfree86/dri2/dri2.h +@@ -237,6 +237,13 @@ extern _X_EXPORT int DRI2CreateDrawable( + + extern _X_EXPORT void DRI2DestroyDrawable(DrawablePtr pDraw); + ++extern _X_EXPORT int DRI2CreateDrawable2(ClientPtr client, ++ DrawablePtr pDraw, ++ XID id, ++ DRI2InvalidateProcPtr invalidate, ++ void *priv, ++ XID *dri2_id_out); ++ + extern _X_EXPORT DRI2BufferPtr *DRI2GetBuffers(DrawablePtr pDraw, + int *width, + int *height, diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes index ee942d1..afbbaf3 100644 --- a/xorg-x11-server.changes +++ b/xorg-x11-server.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Jul 13 00:19:59 UTC 2012 - badshah400@gmail.com + +- Add patches u_dri2_add_DRI2CreateDrawable2.patch and + u_0012-glx_Free_reference_to_destroyed_GLX_drawable.patch to fix + seemingly random crashes of the X stack [bnc#769553]; patches + came from upstream git commits, and were rebased to apply to + present version cleanly. + ------------------------------------------------------------------- Mon Jul 9 21:28:59 UTC 2012 - tobias.johannes.klausmann@mni.thm.de diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index bd05625..fec47e8 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -198,6 +198,8 @@ Patch307: u_0008-glx-Initialize-remaining-context-fields.patch Patch308: u_0009-glx-Use-one-function-to-add-a-context-to-all-global-.patch Patch309: u_0010-glx-Make-several-functions-available-outside-the-glx.patch Patch310: u_0011-glx-Implement-protocol-for-glXCreateContextAttribsAR.patch +Patch311: u_0012-glx_Free_reference_to_destroyed_GLX_drawable.patch +Patch400: u_dri2_add_DRI2CreateDrawable2.patch %description This package contains the X.Org Server. @@ -331,6 +333,8 @@ cp %{SOURCE96} . %patch308 -p1 %patch309 -p1 %patch310 -p1 +%patch311 -p1 +%patch400 -p1 %build autoreconf -fi