glx: Fix use after free in MakeCurrent

Olivier Fourdan requested to merge ofourdan/xserver:issue1186 into master

The fix from commit c468d34c - "glx: Set ContextTag for all contexts" is actually incomplete; it correctly sets the context tag for direct contexts as well, but would fail to mark the context's currentClient.

As a result, when the context is destroyed, it would be freed immediately rather than being just scheduled for deletion, even though it is still current for some client, leading to a use-after-free.

Make sure to also set the context's currentClient for direct contexts as well, not just indirect ones.

Signed-off-by: Olivier Fourdan ofourdan@redhat.com
Fixes: c468d34c - "glx: Set ContextTag for all contexts"

CC: @ajax
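
The lifetime rule described in this merge request, as an added example that is not code from the X server or from the merge request itself: a context is freed on destroy only if no client has it current, so a MakeCurrent that skips marking the client for direct contexts lets destroy free it early. All struct and function names are hypothetical, and the `fixed` parameter is an assumption used to switch between the two behaviours.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Simplified model of the lifetime rule; all names are hypothetical. */
struct client { int id; };
struct context {
    bool is_direct;
    bool id_exists;                 /* resource ID still valid */
    struct client *current_client;  /* non-NULL while a client has it current */
};

/* Release storage only when nothing refers to the context any more. */
static bool context_try_free(struct context *cx)
{
    if (cx->id_exists || cx->current_client)
        return false;               /* deletion stays pending */
    free(cx);
    return true;
}

/* fixed == false models the incomplete fix: direct contexts are not marked. */
static void make_current(struct context *cx, struct client *cl, bool fixed)
{
    if (!cx->is_direct || fixed)
        cx->current_client = cl;
}

/* Destroy request: the ID goes away, storage goes only if not current. */
static bool context_destroy(struct context *cx)
{
    cx->id_exists = false;
    return context_try_free(cx);
}

/* True if destroy released a context the client still has current. */
static bool destroy_frees_while_current(bool is_direct, bool fixed)
{
    struct client cl = { 1 };
    struct context *cx = calloc(1, sizeof *cx);
    if (!cx) abort();
    cx->is_direct = is_direct;
    cx->id_exists = true;
    make_current(cx, &cl, fixed);
    bool freed_early = context_destroy(cx);
    if (!freed_early) {             /* deferred: client unbinds later */
        cx->current_client = NULL;
        context_try_free(cx);
    }
    return freed_early;
}
```

Only the direct context with `fixed == false` is released while still current; any later access through the client's binding would touch freed memory.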
