glamor_create_pixmap() would return a NullPixmap if the given size is larger than the maximum size of a pixmap.
But glamor_get_pixmap_texture() won't check if the given pixmap is non-null, leading to a segfault if glamor_create_pixmap() failed. This can be reproduced by passing Xephyr a very large screen width, e.g.: $ Xephyr -glamor -screen 32768x1024 :10 (EE) (EE) Backtrace: (EE) 0: Xephyr (OsSigHandler+0x29) (EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) (EE) 2: Xephyr (glamor_get_pixmap_texture+0x30) (EE) 3: Xephyr (ephyr_glamor_create_screen_resources+0xc6) (EE) 4: Xephyr (ephyrCreateResources+0x98) (EE) 5: Xephyr (dix_main+0x275) (EE) 6: /lib64/libc.so.6 (__libc_start_main+0xf1) (EE) 7: Xephyr (_start+0x2a) (EE) 8: ? (?+0x2a) [0x2a] (EE) (EE) Segmentation fault at address 0x0 (EE) Fatal server error: (EE) Caught signal 11 (Segmentation fault). Server aborting (EE) Aborted (core dumped) Bugzilla: https://bugzilla.redhat.com/1431633 Signed-off-by: Olivier Fourdan <[email protected]> --- glamor/glamor.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/glamor/glamor.c b/glamor/glamor.c index c54cf3b..2467443 100644 --- a/glamor/glamor.c +++ b/glamor/glamor.c @@ -133,6 +133,9 @@ glamor_get_pixmap_texture(PixmapPtr pixmap) { glamor_pixmap_private *pixmap_priv = glamor_get_pixmap_private(pixmap); + if (!pixmap_priv) + return 0; + if (pixmap_priv->type != GLAMOR_TEXTURE_ONLY) return 0; -- 2.9.3 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
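Review bot: In the glamor_get_pixmap_texture() hunk, the new `if (!pixmap_priv)` guard runs only after `glamor_get_pixmap_private(pixmap)` has already been called with the pixmap that the commit message says may be NullPixmap. The fix is therefore correct only if that helper accepts a NULL pixmap and returns NULL, which the visible lines do not show. Testing `pixmap` itself before the lookup (`if (!pixmap) return 0;`) would make the guard match the stated failure and remove the dependence on the helper's behaviour. The early `return 0` is also the same value returned for a pixmap that is not GLAMOR_TEXTURE_ONLY, so the caller shown in the backtrace, ephyr_glamor_create_screen_resources(), cannot tell a failed glamor_create_pixmap() from that case. Checking the glamor_create_pixmap() result at that call site, with an error path for the oversized screen, would turn the crash into a reported failure instead of a silent texture 0.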
