Skip to content

compositor-drm: clear gbm_surface pointer after destroying the GBM surface

Philipp Zabel requested to merge pH5/weston:clear-gbm-surface into master

I think there is a possible use-after-free issue with output->gbm_surface if HAVE_GBM_MODIFIERS is enabled but the plane does not support any modifiers. If drm_output_fini_egl destroys the gbm_surface but does not clear the pointer, the following drm_output_ini_egl (for example called from drm_output_switch_mode) will not create a GBM surface because the pointer is not NULL.

Merge request reports

Loading