From: Dave Airlie <[email protected]> Since the free routines free the master pixmap then the slave, we should be taking a reference when we bind them together.
Fixes a use-after-free when resizing a primed gears. Signed-off-by: Dave Airlie <[email protected]> --- dix/pixmap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dix/pixmap.c b/dix/pixmap.c index 9163e99..2418812 100644 --- a/dix/pixmap.c +++ b/dix/pixmap.c @@ -148,6 +148,10 @@ PixmapPtr PixmapShareToSlave(PixmapPtr pixmap, ScreenPtr slave) pixmap->drawable.height, depth, 0, pixmap->devKind, NULL); + /* have the slave pixmap take a reference on the master pixmap + later we destroy them both at the same time */ + pixmap->refcnt++; + spix->master_pixmap = pixmap; ret = slave->SetSharedPixmapBacking(spix, handle); -- 1.7.11.2 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
