-
The function `xwl_glamor_gbm_create_pixmap()` first creates a buffer objects and then creates the xwl_pixmap from it. However, `xwl_glamor_gbm_create_pixmap_for_bo()` is not called if the buffer object creation fails, and `xwl_glamor_gbm_create_pixmap()` simply returns `glamor_create_pixmap()`. The problem with this is that if `xwl_glamor_gbm_create_pixmap_for_bo()` is not called then neither is `xwl_pixmap_set_private()` and further calls to `xwl_pixmap_get()` will return NULL and cause a NULL pointer dereference if the return value is not checked: #0 xwl_glamor_gbm_get_wl_buffer_for_pixmap () at hw/xwayland/xwayland-glamor-gbm.c:248 #1 xwl_window_post_damage () at hw/xwayland/xwayland.c:697 #2 xwl_display_post_damage () at hw/xwayland/xwayland.c:759 #3 block_handler () at hw/xwayland/xwayland.c:890 #4 BlockHandler () at dix/dixutils.c:388 #5 WaitForSomething () at os/WaitFor.c:201 #6 Dispatch () at dix/dispatch.c:421 #7 dix_main () at dix/main.c:276 #8 __libc_start_main () at ../csu/libc-start.c:308 #9 _start () (gdb) print xwl_pixmap $1 = (struct xwl_pixmap *) 0x0 Make sure we check for `xwl_pixmap_get()` returned value where relevant and fail gracefully if this is the case. See also: https://gitlab.gnome.org/GNOME/mutter/issues/340 Signed-off-by:Olivier Fourdan <ofourdan@redhat.com> Reviewed-by:
Marco Trevisan <mail@3v1n0.net> Reviewed-by:
Peter Hutterer <peter.hutterer@who-t.net>
036794be
