On Sat, 2009-05-02 at 10:08 +0100, Magnus Kessler wrote: > With commit 57aff88c7d0761e590806d07bee1c9410680c89f the server crashes in > AnimCursorCreate (animcursor.c:393) when creating an animated cursor. The > underlying cause is that only cursors[1] is ever initialised in > ProcRenderCreateAnimCursor (render.c:1860) > > Signed-off-by: Magnus Kessler <[email protected]> > > diff --git a/render/render.c b/render/render.c > index 8487b60..5622994 100644 > --- a/render/render.c > +++ b/render/render.c > @@ -1857,7 +1857,7 @@ ProcRenderCreateAnimCursor (ClientPtr client) > elt = (xAnimCursorElt *) (stuff + 1); > for (i = 0; i < ncursor; i++) > { > - ret = dixLookupResourceByType((pointer *)(cursors + 1), elt->cursor, > + ret = dixLookupResourceByType((pointer *)(cursors + i), elt->cursor, > RT_CURSOR, client, DixReadAccess);
I didn't see this before I made and pushed the same fix, sorry. -- Earthling Michel Dänzer | http://www.vmware.com Libre software enthusiast | Debian, X and DRI developer _______________________________________________ xorg-devel mailing list [email protected] http://lists.x.org/mailman/listinfo/xorg-devel
