Skip to content

dix: Fix segfault if CreateGC() failed in XaceHook()

CreateGC() allocates a new GC and then checks the resource access rights with XaceHook().

If the call to XaceHook() fails (i.e. GC creation is not granted to the client), CreateGC() exits early and calls FreeGC() to avoid leaking the newly allocated GC.

If that happens, the screen's own CreateGC() has not yet been invoked, and as a result the GC functions (GCfuncs) have not been set yet.

FreeGC() will invoke the funcs->DestroyClip() and the funcs->DestroyGC() functions, but since those haven't been set, the Xserver will segfault trying to call a NULL function.

To prevent that issue, make sure the GC's functions are initialized prior to call them in FreeGC().

Closes: #1625 (closed)
Reviewed-by: Olivier Fourdan

Edited by Olivier Fourdan

Merge request reports