Hi Daniel,

On Thu, Jan 18, 2018 at 12:22 PM, Daniel Stone <dan...@fooishbar.org> wrote:
> Odd; how could we have a realized 0x0 window which also has damage? I
>

Hehe, yeap, I had the same question, but didn't find the answer... :)

> wonder if this isn't actually a UAF where the xwl_window has since
> been unrealized, in which case you should be able to reproduce pretty
> easily by causing damage on a window and then immediately destroying
> it. In that case, we just need
> wl_list_remove(&xwl_window->link_damage) inside
> xwl_window_unrealize().
>

But we do already do an “xorg_list_del(&xwl_window->link_damage);” in xwl_window_unrealize()

However, we do that only if xwl_window is a thing and the damage region is not empty:

https://cgit.freedesktop.org/xorg/xserver/tree/hw/xwayland/xwayland.c#n583

Weird...

Cheers,
Olivier
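The pattern discussed in the message above, as an added example that is not part of the original thread and not Xwayland code: a teardown that unlinks a window from a damage list only when its damage is non-empty leaves a stale list entry for a queued 0x0 window, while an unconditional unlink does not. The list helpers, `struct window`, `unrealize()` and `stale_after_teardown()` are hypothetical names constructed for this model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Minimal intrusive list, constructed for this example (not xorg_list). */
struct list { struct list *prev, *next; };
static void list_init(struct list *l) { l->prev = l->next = l; }

static void list_add(struct list *head, struct list *e) {
    e->next = head->next; e->prev = head;
    head->next->prev = e; head->next = e;
}

/* Unlink, then re-initialise so a second delete is a harmless no-op. */
static void list_del(struct list *e) {
    e->prev->next = e->next; e->next->prev = e->prev;
    list_init(e);
}

/* Hypothetical stand-in for a window queued on a damage list. */
struct window { int damage_w, damage_h; struct list link_damage; };

/* Teardown; when `conditional`, unlink only if the damage is non-empty. */
static void unrealize(struct window *w, bool conditional) {
    bool empty = (w->damage_w == 0 || w->damage_h == 0);
    if (!conditional || !empty)
        list_del(&w->link_damage);
}

/* True if the damage list still points at w, i.e. freeing w would dangle. */
static bool still_queued(const struct list *head, const struct window *w) {
    for (const struct list *p = head->next; p != head; p = p->next)
        if (p == &w->link_damage)
            return true;
    return false;
}

/* Queue a window with w x h damage, tear it down, report a stale entry. */
bool stale_after_teardown(int w, int h, bool conditional) {
    struct list head;
    struct window win = { w, h, { 0, 0 } };
    list_init(&head); list_init(&win.link_damage);
    list_add(&head, &win.link_damage);
    unrealize(&win, conditional);
    return still_queued(&head, &win);
}

int main(void) {
    printf("0x0, conditional: stale=%d\n", stale_after_teardown(0, 0, true));
    printf("0x0, unconditional: stale=%d\n", stale_after_teardown(0, 0, false));
    return 0;
}
```

Because `list_del()` re-initialises the entry, calling it unconditionally is also safe for a window that was initialised but never queued.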