ActivateDevice was ignoring errors from DeviceCursorInitialize, so cursor-related calls failed later. Jeremy Huddleston saw that crash in miPointerConstrainCursor, while with Xvfb I saw it in miSpriteRealizeCursor.
miDCDeviceCleanup frees any non-NULL GCs. miDCDeviceInitialize calls Cleanup on any failure, but if it failed early then some of the pointers in the miDCBufferPtr were garbage. Switch from malloc to calloc to ensure everything's initialized safely first. With these two fixes, if CreateGC fails then the server gracefully fails in FatalError instead of segfaulting. Signed-off-by: Jamey Sharp <[email protected]> Cc: Peter Hutterer <[email protected]> --- dix/devices.c | 3 ++- mi/midispcur.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/dix/devices.c b/dix/devices.c index de72c88..5bffcac 100644 --- a/dix/devices.c +++ b/dix/devices.c @@ -467,7 +467,8 @@ ActivateDevice(DeviceIntPtr dev, BOOL sendevent) /* Initialize memory for sprites. */ if (IsMaster(dev) && dev->spriteInfo->spriteOwner) - pScreen->DeviceCursorInitialize(dev, pScreen); + if (!pScreen->DeviceCursorInitialize(dev, pScreen)) + return BadImplementation; SendDevicePresenceEvent(dev->id, DeviceAdded); if (sendevent) diff --git a/mi/midispcur.c b/mi/midispcur.c index 1acc469..4de37d7 100644 --- a/mi/midispcur.c +++ b/mi/midispcur.c @@ -780,7 +780,7 @@ miDCDeviceInitialize(DeviceIntPtr pDev, ScreenPtr pScreen) { pScreen = screenInfo.screens[i]; - pBuffer = malloc(sizeof(miDCBufferRec)); + pBuffer = calloc(1, sizeof(miDCBufferRec)); if (!pBuffer) goto failure; -- 1.7.0 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
