The fbWindow family of functions (Map, Unmap, Position and Destroy) are all terminal functions, that is they do not chain up to earlier extensions. This breaks those chains which leads to not only resource leaks but also dereference of dangling pointers. One such issue arises with fbScreenInit() breaking the earlier present_screen_init() and causing the Xserver to die when a Window is closed after being used with Present and fb:
==15808== Invalid read of size 4 ==15808== at 0x81A9226: dixGetPrivateAddr (privates.h:123) ==15808== by 0x81A928C: dixGetPrivate (privates.h:137) ==15808== by 0x81A92BE: present_window_priv (present_priv.h:143) ==15808== by 0x81A92EA: present_free_event (present_event.c:35) ==15808== by 0x80A9C85: doFreeResource (resource.c:873) ==15808== by 0x80AA5F8: FreeClientResources (resource.c:1139) ==15808== by 0x807BD5E: CloseDownClient (dispatch.c:3384) ==15808== by 0x80740B5: Dispatch (dispatch.c:406) ==15808== by 0x80816CD: dix_main (main.c:296) ==15808== by 0x80D2FA1: main (stubmain.c:34) ==15808== Address 0x60f38c8 is 24 bytes inside a block of size 168 free'd ==15808== at 0x4007BCD: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==15808== by 0x80A1A67: _dixFreeObjectWithPrivates (privates.c:538) ==15808== by 0x80B5E0D: DeleteWindow (window.c:991) ==15808== by 0x80A9C85: doFreeResource (resource.c:873) ==15808== by 0x80AA5F8: FreeClientResources (resource.c:1139) ==15808== by 0x807BD5E: CloseDownClient (dispatch.c:3384) ==15808== by 0x80740B5: Dispatch (dispatch.c:406) ==15808== by 0x80816CD: dix_main (main.c:296) ==15808== by 0x80D2FA1: main (stubmain.c:34) Signed-off-by: Chris Wilson <[email protected]> --- fb/fbscreen.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/fb/fbscreen.c b/fb/fbscreen.c index b2b9739..9876ba7 100644 --- a/fb/fbscreen.c +++ b/fb/fbscreen.c @@ -106,11 +106,15 @@ fbSetupScreen(ScreenPtr pScreen, void *pbits, /* pointer to screen bitmap */ pScreen->GetImage = fbGetImage; pScreen->GetSpans = fbGetSpans; pScreen->CreateWindow = fbCreateWindow; - pScreen->DestroyWindow = fbDestroyWindow; - pScreen->PositionWindow = fbPositionWindow; + if (pScreen->DestroyWindow == NULL) + pScreen->DestroyWindow = fbDestroyWindow; + if (pScreen->PositionWindow == NULL) + pScreen->PositionWindow = fbPositionWindow; pScreen->ChangeWindowAttributes = fbChangeWindowAttributes; - pScreen->RealizeWindow = fbMapWindow; - pScreen->UnrealizeWindow = fbUnmapWindow; + if (pScreen->RealizeWindow == NULL) + pScreen->RealizeWindow = fbMapWindow; + if (pScreen->UnrealizeWindow == NULL) + pScreen->UnrealizeWindow = fbUnmapWindow; pScreen->CopyWindow = fbCopyWindow; pScreen->CreatePixmap = fbCreatePixmap; pScreen->DestroyPixmap = fbDestroyPixmap; -- 2.0.0.rc2 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
