On Mon, 2013-12-30 at 09:15 -0600, Andrew Eikum wrote: > If there is a selection left over from a previous execution of the > main loop, and that selection has privates allocated for it, the X > server will crash. This is because dixResetPrivates() resets the > privates refcounts to zero without accounting for the reference held > by the selection object. When the selection is then deleted in > InitSelections() after the call to dixResetPrivates(), the refcount > for its privates type goes negative and bad things happen. > > To fix this, we should delete any existing selections before calling > dixResetPrivates(). This will properly release the selection's > privates and avoid the crash. > > A more thorough description of the problem and a test case to > reproduce the crash is available at a previous mail: > "Negative Selection devPrivates refcount?" > By Andrew Eikum to xorg-devel on 10 Dec 2013 > http://lists.freedesktop.org/archives/xorg-devel/2013-December/039492.html
Reviewed-by: Adam Jackson <[email protected]> - ajax _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
