Commit 1930ed23 authored by Olivier Fourdan's avatar Olivier Fourdan 🛠 Committed by Olivier Fourdan
Browse files

xwayland: Remove pending stream reference when freeing

The EGLStream backend keeps a queue of pending streams for each Xwayland

However, when this pending queue is freed, the corresponding private
data may not be cleared (typically if the pixmap for this window has
changed before the compositor finished attaching the consumer for the
window's pixmap's original eglstream), leading to a use-after-free and a
crash when trying to use that data as the window pixmap.

Make sure to clear the private data when the pending stream is freed.

Closes: xorg/xserver#1055

Signed-off-by: Olivier Fourdan's avatarOlivier Fourdan <>
Tested-by: Karol Szuster's avatarKarol Szuster <>
Reviewed-by: Adam Jackson's avatarAdam Jackson <>
(cherry picked from commit a5f439dc)
parent 1ac389dd
Pipeline #208274 passed with stages
in 6 minutes and 14 seconds
...@@ -431,8 +431,8 @@ xwl_eglstream_consumer_ready_callback(void *data, ...@@ -431,8 +431,8 @@ xwl_eglstream_consumer_ready_callback(void *data,
DebugF("eglstream: win %d completes eglstream for pixmap %p, congrats!\n", DebugF("eglstream: win %d completes eglstream for pixmap %p, congrats!\n",
pending->window->, pending->pixmap); pending->window->, pending->pixmap);
xwl_eglstream_window_set_pending(pending->window, NULL);
out: out:
xwl_eglstream_window_set_pending(pending->window, NULL);
xorg_list_del(&pending->link); xorg_list_del(&pending->link);
free(pending); free(pending);
} }
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment