Commit 9236c582 authored by Chris Wilson's avatar Chris Wilson 🤔

sna: Defer fbGetWindowPixmap() for sna_composite

Mike Lothian ran into a surprising situation where compScreenUpdate was
calling CompositePicture without a pixmap attached to the destination
Window, and so we found ourselves chasing a NULL PixmapPtr.

  #1  to_sna_from_pixmap (pixmap=0x0) at sna.h:521
  #2  sna_composite (op=<optimized out>, src=0x55b3346c1420, mask=0x0,
      dst=0x55b3346c1d50, src_x=<optimized out>, src_y=<optimized out>, mask_x=0,
      mask_y=0, dst_x=0, dst_y=0, width=3840, height=2160) at sna_composite.c:652
  #3  0x000055b33202c208 in damageComposite (op=<optimized out>,
      pSrc=0x55b3346c1420, pMask=0x0, pDst=0x55b3346c1d50, xSrc=<optimized out>,
      ySrc=<optimized out>, xMask=0, yMask=0, xDst=0, yDst=0, width=3840,
      height=2160) at damage.c:513
  #4  0x000055b33201820c in CompositePicture (op=<optimized out>,
      op@entry=1 '\001', pSrc=pSrc@entry=0x55b3346c1420, pMask=pMask@entry=0x0,
      pDst=pDst@entry=0x55b3346c1d50, xSrc=xSrc@entry=0, ySrc=ySrc@entry=0,
      xMask=0, yMask=0, xDst=0, yDst=0, width=3840, height=2160) at picture.c:1547
  #5  0x000055b331fc85d3 in compWindowUpdateAutomatic (
      pWin=pWin@entry=0x55b3343a6bc0) at compwindow.c:705
  #6  0x000055b331fca029 in compPaintWindowToParent (pWin=pWin@entry=0x55b3343a6bc0)
      at compwindow.c:729
  #7  0x000055b331fc9fbb in compPaintChildrenToWindow (pWin=0x55b333e77b50)
      at compwindow.c:744
  #8  0x000055b331fca59f in compScreenUpdate (pClient=<optimized out>,
      closure=<optimized out>) at compalloc.c:57
  #9  0x000055b331f3abf4 in ProcessWorkQueue () at dixutils.c:536
  #10 0x000055b3320aaa51 in WaitForSomething (are_ready=<optimized out>)
      at WaitFor.c:192
  #11 0x000055b331f361a9 in Dispatch () at dispatch.c:421
  #12 0x000055b331f39cec in dix_main (argc=13, argv=0x7ffcf273f538,
      envp=<optimized out>) at main.c:276
  #13 0x000055b331f247de in main (argc=<optimized out>, argv=<optimized out>,
      envp=<optimized out>) at stubmain.c:34

Fortuitously, that drawable was also fully clipped so that it took an
early exit and so we can hide the segfault by delaying querying the
pixmap until after the clip check.

The ongoing mystery is how we ended up in that state in the first place.

Closes: #204Signed-off-by: Chris Wilson's avatarChris Wilson <>
parent ad5540f6
......@@ -649,15 +649,15 @@ sna_composite(CARD8 op,
CARD16 width, CARD16 height)
PixmapPtr pixmap = get_drawable_pixmap(dst->pDrawable);
struct sna *sna = to_sna_from_pixmap(pixmap);
struct sna_pixmap *priv;
struct sna_composite_op tmp;
RegionRec region;
struct sna *sna;
int dx, dy;
DBG(("%s(pixmap=%ld, op=%d, src=%ld+(%d, %d), mask=%ld+(%d, %d), dst=%ld+(%d, %d)+(%d, %d), size=(%d, %d)\n",
pixmap->drawable.serialNumber, op,
pixmap ? pixmap->drawable.serialNumber : 0, op,
get_picture_id(src), src_x, src_y,
get_picture_id(mask), mask_x, mask_y,
get_picture_id(dst), dst_x, dst_y,
......@@ -672,8 +672,7 @@ sna_composite(CARD8 op,
if (op == PictOpClear) {
DBG(("%s: discarding source and mask for clear\n", __FUNCTION__));
mask = NULL;
if (sna->clear)
src = sna->clear;
src = NULL;
if (!sna_compute_composite_region(&region,
......@@ -694,11 +693,6 @@ sna_composite(CARD8 op,
goto fallback;
if (wedged(sna)) {
DBG(("%s: fallback -- wedged\n", __FUNCTION__));
goto fallback;
if (!can_render_to_picture(dst)) {
DBG(("%s: fallback due to unhandled picture\n", __FUNCTION__));
goto fallback;
......@@ -711,6 +705,15 @@ sna_composite(CARD8 op,
goto fallback;
sna = to_sna_from_pixmap(pixmap);
if (wedged(sna)) {
DBG(("%s: fallback -- wedged\n", __FUNCTION__));
goto fallback;
if (op == PictOpClear)
src = sna->clear;
if (use_cpu(pixmap, priv, op, width, height) &&
!picture_is_gpu(sna, src, PREFER_GPU_RENDER) &&
!picture_is_gpu(sna, mask, PREFER_GPU_RENDER)) {
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment