Commit a5f439dc authored by Olivier Fourdan's avatar Olivier Fourdan 🛠 Committed by Adam Jackson
Browse files

xwayland: Remove pending stream reference when freeing

The EGLStream backend keeps a queue of pending streams for each Xwayland
window.

However, when this pending queue is freed, the corresponding private
data may not be cleared (typically if the pixmap for this window has
changed before the compositor finished attaching the consumer for the
window's pixmap's original eglstream), leading to a use-after-free and a
crash when trying to use that data as the window pixmap.

Make sure to clear the private data when the pending stream is freed.

Closes: xorg/xserver#1055

Signed-off-by: Olivier Fourdan's avatarOlivier Fourdan <ofourdan@redhat.com>
Tested-by: Karol Szuster's avatarKarol Szuster <karolsz9898@gmail.com>
Reviewed-by: Adam Jackson's avatarAdam Jackson <ajax@redhat.com>
parent 0b86c0c3
Pipeline #204478 passed with stages
in 3 minutes and 58 seconds
......@@ -437,8 +437,8 @@ xwl_eglstream_consumer_ready_callback(void *data,
DebugF("eglstream: win %d completes eglstream for pixmap %p, congrats!\n",
pending->window->drawable.id, pending->pixmap);
xwl_eglstream_window_set_pending(pending->window, NULL);
out:
xwl_eglstream_window_set_pending(pending->window, NULL);
xorg_list_del(&pending->link);
free(pending);
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment