From: Egbert Eich Date: Tue Oct 18 20:22:38 2011 +0200 Subject: [PATCH] Don't call deleted Bloxk/WakeupHandler() Patch-Mainline: Upstream/2ee85d95 Git-commit: b93eda251f0b6d0a1601511a55b060604919cc81 References: bnc #723777 Signed-off-by: Egbert Eich When Block/WakeupHandlers are unregistered from within a handler the list of handlers is not corrected right away but they are marked as deleted. If a deleted handler in the handler list is located after the handler that calls the unregister function it was still called, as the list was only corrected after all handlers were processed. This could cause a crash if the handler got passed a pointer to a data structure which was no longer existing. A check for the deleted flag solves this problem. Signed-off-by: Egbert Eich --- xorg-server-1.10.4/dix/dixutils.c | 10 ++++++---- 1 files changed, 6 insertions(+), 4 deletions(-) diff --git a/xorg-server-1.10.4/dix/dixutils.c b/xorg-server-1.10.4/dix/dixutils.c index 104363b..dd1c318 100644 --- a/xorg-server-1.10.4/dix/dixutils.c +++ b/xorg-server-1.10.4/dix/dixutils.c @@ -386,8 +386,9 @@ BlockHandler(pointer pTimeout, pointer pReadmask) screenInfo.screens[i]->blockData, pTimeout, pReadmask); for (i = 0; i < numHandlers; i++) - (*handlers[i].BlockHandler) (handlers[i].blockData, - pTimeout, pReadmask); + if (!handlers[i].deleted) + (*handlers[i].BlockHandler) (handlers[i].blockData, + pTimeout, pReadmask); if (handlerDeleted) { for (i = 0; i < numHandlers;) @@ -416,8 +417,9 @@ WakeupHandler(int result, pointer pReadmask) ++inHandler; for (i = numHandlers - 1; i >= 0; i--) - (*handlers[i].WakeupHandler) (handlers[i].blockData, - result, pReadmask); + if (!handlers[i].deleted) + (*handlers[i].WakeupHandler) (handlers[i].blockData, + result, pReadmask); for (i = 0; i < screenInfo.numScreens; i++) (* screenInfo.screens[i]->WakeupHandler)(i, screenInfo.screens[i]->wakeupData,