xwl_output->randr_crtc is used in the update_screen_size() function : ==5331== Invalid read of size 4 ==5331== at 0x15263D: update_screen_size (xwayland-output.c:190) ==5331== by 0x152C48: xwl_output_remove (xwayland-output.c:413) ==5331== by 0x6570FCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4) ==5331== by 0x657093E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4) ==5331== by 0x4DDB183: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0) ==5331== by 0x4DD79D8: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0) ==5331== by 0x4DD8EA3: wl_display_dispatch_queue_pending (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0) ==5331== by 0x14BCCA: xwl_read_events (xwayland.c:814) ==5331== by 0x2AC0D0: ospoll_wait (ospoll.c:651) ==5331== by 0x2A5322: WaitForSomething (WaitFor.c:208) ==5331== by 0x27574B: Dispatch (dispatch.c:421) ==5331== by 0x279945: dix_main (main.c:276) ==5331== Address 0x1aacb5f4 is 36 bytes inside a block of size 154 free'd ==5331== at 0x48369EB: free (vg_replace_malloc.c:530) ==5331== by 0x1F8AE8: RROutputDestroyResource (rroutput.c:421) ==5331== by 0x29A2AC: doFreeResource (resource.c:880) ==5331== by 0x29AE5B: FreeResource (resource.c:910) ==5331== by 0x152BE0: xwl_output_remove (xwayland-output.c:408) ==5331== by 0x6570FCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4) ==5331== by 0x657093E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4) ==5331== by 0x4DDB183: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0) ==5331== by 0x4DD79D8: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0) ==5331== by 0x4DD8EA3: wl_display_dispatch_queue_pending (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0) ==5331== by 0x14BCCA: xwl_read_events (xwayland.c:814) ==5331== by 0x2AC0D0: ospoll_wait (ospoll.c:651) ==5331== Block was alloc'd at ==5331== at 0x48357BF: malloc (vg_replace_malloc.c:299) ==5331== by 0x1F93E0: RROutputCreate (rroutput.c:83) ==5331== by 0x152A75: xwl_output_create (xwayland-output.c:361) ==5331== by 0x14BE59: registry_global (xwayland.c:764) ==5331== by 0x6570FCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4) ==5331== by 0x657093E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4) ==5331== by 0x4DDB183: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0) ==5331== by 0x4DD79D8: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0) ==5331== by 0x4DD8EA3: wl_display_dispatch_queue_pending (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0) ==5331== by 0x14BCCA: xwl_read_events (xwayland.c:814) ==5331== by 0x2AC0D0: ospoll_wait (ospoll.c:651) ==5331== by 0x2A5322: WaitForSomething (WaitFor.c:208)
Signed-off-by: Lionel Landwerlin <lionel.g.landwer...@intel.com> --- hw/xwayland/xwayland-output.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hw/xwayland/xwayland-output.c b/hw/xwayland/xwayland-output.c index 48faeb142..26c9de20e 100644 --- a/hw/xwayland/xwayland-output.c +++ b/hw/xwayland/xwayland-output.c @@ -392,14 +392,15 @@ xwl_output_remove(struct xwl_output *xwl_output) int width = 0, height = 0; Bool need_rotate = (xwl_output->xdg_output == NULL); - RRCrtcDestroy(xwl_output->randr_crtc); - RROutputDestroy(xwl_output->randr_output); xorg_list_del(&xwl_output->link); xorg_list_for_each_entry(it, &xwl_screen->output_list, link) output_get_new_size(it, need_rotate, &height, &width); update_screen_size(xwl_output, width, height); + RRCrtcDestroy(xwl_output->randr_crtc); + RROutputDestroy(xwl_output->randr_output); + xwl_output_destroy(xwl_output); } -- 2.18.0 _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel