Reviewed-by: Dave Airlie <[email protected]>
On 25 October 2017 at 11:39, Alex Goins <[email protected]> wrote: > Similar to change cba5a10f, xf86ScreenSetCursor() would dereference ScreenPriv > without NULL checking it. If Option "SWCursor" is specified, ScreenPriv == > NULL. > > Without this fix, it is observed that setting Option "SWCursor" "on" on the > modesetting driver in a PRIME configuration will segfault the server. > > It is important to return success rather than failure in the instance that > ScreenPriv == NULL and pCurs == NullCursor, because otherwise xf86SetCursor() > can fall into infinite recursion: xf86SetCursor(pCurs) calls > xf86ScreenSetCursor(pCurs), and if FALSE, calls xf86SetCursor(NullCursor). If > xf86ScreenSetCursor(NullCursor) returns FALSE, it calls > xf86SetCursor(NullCursor) again and this repeats forever. > > Signed-off-by: Alex Goins <[email protected]> > --- > hw/xfree86/ramdac/xf86HWCurs.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/hw/xfree86/ramdac/xf86HWCurs.c b/hw/xfree86/ramdac/xf86HWCurs.c > index 2e4c9e5..366837c 100644 > --- a/hw/xfree86/ramdac/xf86HWCurs.c > +++ b/hw/xfree86/ramdac/xf86HWCurs.c 
> @@ -181,9 +181,16 @@ xf86ScreenSetCursor(ScreenPtr pScreen, CursorPtr pCurs, > int x, int y) > xf86CursorScreenPtr ScreenPriv = > (xf86CursorScreenPtr) dixLookupPrivate(&pScreen->devPrivates, > xf86CursorScreenKey); > - xf86CursorInfoPtr infoPtr = ScreenPriv->CursorInfoPtr; > + > + xf86CursorInfoPtr infoPtr; > unsigned char *bits; > > + if (!ScreenPriv) { /* NULL if Option "SWCursor" */ > + return (pCurs == NullCursor); > + } > + > + infoPtr = ScreenPriv->CursorInfoPtr; > + > if (pCurs == NullCursor) { > (*infoPtr->HideCursor) (infoPtr->pScrn); > return TRUE; > -- > 2.7.4
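Review bot: The early return in the new `if (!ScreenPriv)` branch encodes a non-obvious contract, and the in-code comment only says why ScreenPriv is NULL, not why the result depends on pCurs. The commit message explains that returning FALSE for NullCursor would send xf86SetCursor() into infinite recursion; that reasoning belongs in a comment next to `return (pCurs == NullCursor);`, because a later cleanup that simplifies it to a plain `return FALSE;` would bring the recursion back with nothing in the source to warn against it. Minor style point: the added blank line between the ScreenPriv initializer and `xf86CursorInfoPtr infoPtr;` splits the declaration block, and dropping it would keep the declarations together.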
