Possible SEGV (null pointer dereference) in dri2GetGlxDrawableFromXDrawableId()
A NULL pointer dereference can occur in dri2GetGlxDrawableFromXDrawableId() if the X11 server unexpectedly sends a DRI2_BufferSwapComplete event while the application is using DRI3.
This bug is difficult to reproduce (it is necessary for the X11 server to send an unexpected event). Nevertheless, the following is the relevant source code with annotations:
libGLX_mesa.so:dri2_glx.c
    /* This will be called from DRI2WireFromEvent on an unexpected
     * DRI2_BufferSwapComplete event. */
    __GLXDRIdrawable * dri2GetGlxDrawableFromXDrawableId(...)
    {
        struct glx_display *d = __glXInitialize(dpy);
        struct dri2_display *pdp = (struct dri2_display *) d->dri2Display;
        /* <---- Here pdp will be NULL if the program is using DRI3,
         * leading to a SEGV in the following line: */
        if (__glxHashLookup(pdp->dri2Hash, id, (void *) &pdraw) == 0)
            return pdraw;
        return NULL;
    }
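One way to guard the lookup described above, as an added example that is not Mesa's code or its actual fix: the lookup returns NULL when dri2Display was never set up, so the event path drops the unexpected event instead of dereferencing pdp. The type layouts, hash_lookup, get_drawable_guarded, handle_swap_complete and the demo functions are simplified, hypothetical stand-ins, and the XIDs are constructed.

```c
#include <stddef.h>

/* Simplified stand-ins for the Mesa types (assumed shapes, not Mesa's). */
typedef struct { unsigned long xid; } drawable_t;           /* __GLXDRIdrawable */
struct dri2_display { drawable_t *slots[8]; };              /* holds dri2Hash */
struct glx_display { struct dri2_display *dri2Display; };   /* NULL under DRI3 */

/* Stand-in for __glxHashLookup: 0 on hit, nonzero on miss. */
static int hash_lookup(struct dri2_display *pdp, unsigned long id, drawable_t **out) {
    drawable_t *e = pdp->slots[id % 8];
    if (e == NULL || e->xid != id)
        return 1;
    *out = e;
    return 0;
}

/* Guarded lookup: never touches pdp when the DRI2 state was not set up. */
drawable_t *get_drawable_guarded(struct glx_display *d, unsigned long id) {
    drawable_t *pdraw = NULL;
    if (d == NULL || d->dri2Display == NULL)
        return NULL;
    if (hash_lookup(d->dri2Display, id, &pdraw) == 0)
        return pdraw;
    return NULL;
}

/* Hypothetical event path: 1 = event delivered, 0 = event dropped. */
int handle_swap_complete(struct glx_display *d, unsigned long id) {
    return get_drawable_guarded(d, id) != NULL;
}

/* Constructed case: DRI3 client, dri2Display never initialised. */
int demo_dri3_unexpected_event(void) {
    struct glx_display d = { NULL };
    return handle_swap_complete(&d, 0x400001UL);
}

/* Constructed case: DRI2 client with one registered drawable. */
int demo_dri2_known_drawable(void) {
    drawable_t win = { 0x400001UL };
    struct dri2_display pdp = { { NULL } };
    struct glx_display d = { &pdp };
    pdp.slots[win.xid % 8] = &win;
    return handle_swap_complete(&d, win.xid);
}

int main(void) {
    return !(demo_dri3_unexpected_event() == 0 && demo_dri2_known_drawable() == 1);
}
```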