Commit 1930ed23 authored by Olivier Fourdan's avatar Olivier Fourdan Committed by Olivier Fourdan

xwayland: Remove pending stream reference when freeing

The EGLStream backend keeps a queue of pending streams for each Xwayland
window.

However, when this pending queue is freed, the corresponding private
data may not be cleared (typically if the pixmap for this window has
changed before the compositor finished attaching the consumer for the
window's pixmap's original eglstream), leading to a use-after-free and a
crash when trying to use that data as the window pixmap.

Make sure to clear the private data when the pending stream is freed.

Closes: #1055Signed-off-by: default avatarOlivier Fourdan <ofourdan@redhat.com>
Tested-by: Karol Szuster's avatarKarol Szuster <karolsz9898@gmail.com>
Reviewed-by: Adam Jackson's avatarAdam Jackson <ajax@redhat.com>
(cherry picked from commit a5f439dc)
parent 1ac389dd
Pipeline #208276 passed with stages
in 8 minutes and 37 seconds
...@@ -431,8 +431,8 @@ xwl_eglstream_consumer_ready_callback(void *data, ...@@ -431,8 +431,8 @@ xwl_eglstream_consumer_ready_callback(void *data,
DebugF("eglstream: win %d completes eglstream for pixmap %p, congrats!\n", DebugF("eglstream: win %d completes eglstream for pixmap %p, congrats!\n",
pending->window->drawable.id, pending->pixmap); pending->window->drawable.id, pending->pixmap);
xwl_eglstream_window_set_pending(pending->window, NULL);
out: out:
xwl_eglstream_window_set_pending(pending->window, NULL);
xorg_list_del(&pending->link); xorg_list_del(&pending->link);
free(pending); free(pending);
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment