On Mon, Feb 07, 2011 at 11:15:24AM +0100, Soeren Sandmann wrote: > Bryce Harrington <[email protected]> writes: > > > pixman_image_create_bits() can return NULL under a variety of > > circumstances. If this happens, it will segfault when dereferenced in > > pixman_image_set_accessors(). > > > > http://bugs.freedesktop.org/show_bug.cgi?id=28882 > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596155 > > https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/705078 > > > > Signed-off-by: Bryce Harrington <[email protected]> > > --- > > fb/fbpict.c | 3 ++- > > 1 files changed, 2 insertions(+), 1 deletions(-) > > > > diff --git a/fb/fbpict.c b/fb/fbpict.c > > index 7636040..79b462b 100644 > > --- a/fb/fbpict.c > > +++ b/fb/fbpict.c > > @@ -163,7 +163,8 @@ create_bits_picture (PicturePtr pict, > > pict->format, > > pixmap->drawable.width, pixmap->drawable.height, > > (uint32_t *)bits, stride * sizeof (FbStride)); > > - > > + if (!image) > > + return NULL; > > This patch is correct, I believe, so > > Reviewed-by: Soren Sandmann <[email protected]< > > However, I don't think it fixes the underlying bug since it's very > likely that pixman_image_create_bits() returned NULL because it was > passed incorrect parameters.
I agree, I'm still debugging the problem, but seemed clear this bit of error checking was missing. The other two bug reports probably have different underlying causes but they both also get hung up at this point in the error handling logic, so seems worth fixing in general. Bryce _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
