  • xwayland: remove dirty window unconditionally on unrealize · 3362422e
    Olivier Fourdan authored and Adam Jackson committed
    
    This is a rare occurrence of a crash in Xwayland for which I don't have
    the reproducing steps, just a core file.
    
    The backtrace looks as follows:
    
      #0  raise () from /usr/lib64/libc.so.6
      #1  abort () from /usr/lib64/libc.so.6
      #2  OsAbort () at utils.c:1361
      #3  AbortServer () at log.c:877
      #4  FatalError () at log.c:1015
      #5  OsSigHandler () at osinit.c:154
      #6  <signal handler called>
      #7  xwl_glamor_pixmap_get_wl_buffer () at xwayland-glamor.c:162
      #8  xwl_screen_post_damage () at xwayland.c:514
      #9  block_handler () at xwayland.c:665
      #10 BlockHandler () at dixutils.c:388
      #11 WaitForSomething () at WaitFor.c:219
      #12 Dispatch () at dispatch.c:422
      #13 dix_main () at main.c:287
    
    The crash is caused by dereferencing “xwl_pixmap->buffer” in
    xwl_glamor_pixmap_get_wl_buffer() because “xwl_pixmap” is NULL.
    
    The reason for this is that the corresponding pixmap is from the root
    window and xwayland is rootless by default.
    
    This can happen if the window was mapped, redirected, damaged and
    unredirected immediately, before the damage is processed by Xwayland.
    
    Make sure to remove the dirty window from the damage list on unrealize
    to prevent this from happening.
    
    Credit goes to Adam Jackson <ajax@nwnk.net> and Daniel Stone
    <daniel@fooishbar.org> for finding the root cause of the issue.
    
    Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
    Reviewed-by: Daniel Stone <daniels@collabora.com>
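
A simplified C model of the sequence the commit message describes, added here as an illustration and not taken from the Xwayland source. Every type and function name is hypothetical, and the "before" case is modelled simply as the window staying on the pending-damage list.

```c
#include <stddef.h>

/* Toy model with hypothetical names; not Xwayland source. */
struct buffer { int id; };
struct pixmap { struct buffer *priv; };       /* priv plays the role of xwl_pixmap */
struct window {
    struct pixmap *pixmap;                    /* pixmap currently backing the window */
    struct window *next_dirty;                /* link in the pending-damage list */
};

static struct pixmap root_pixmap = { NULL };  /* rootless: root pixmap has no private */
static struct window *dirty_list;

static void mark_dirty(struct window *w) {    /* a damage report queues the window */
    w->next_dirty = dirty_list;
    dirty_list = w;
}

static void remove_dirty(struct window *w) {  /* unlink w if it is queued */
    struct window **p;
    for (p = &dirty_list; *p; p = &(*p)->next_dirty)
        if (*p == w) { *p = w->next_dirty; w->next_dirty = NULL; return; }
}

/* Unredirect/unrealize: the window falls back to the root pixmap. */
static void unrealize(struct window *w, int drop_from_dirty_list) {
    w->pixmap = &root_pixmap;
    if (drop_from_dirty_list)
        remove_dirty(w);
}

/* Block-handler pass. Returns how many queued windows have no private,
 * i.e. where an unchecked priv->... access would fault. */
static int post_damage(void) {
    int stale = 0;
    while (dirty_list) {
        struct window *w = dirty_list;
        remove_dirty(w);
        if (w->pixmap->priv == NULL)
            stale++;
    }
    return stale;
}

/* Mapped, redirected and damaged, then unrealized before the block handler runs. */
int stale_entries_after_unrealize(int drop_from_dirty_list) {
    struct buffer buf = { 1 };
    struct pixmap own = { &buf };
    struct window w = { &own, NULL };
    dirty_list = NULL;
    mark_dirty(&w);
    unrealize(&w, drop_from_dirty_list);
    return post_damage();
}
```

With the window left on the list, the later damage pass meets one entry whose pixmap has no private; removing it at unrealize leaves none.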