Skip to content

Fix null pointer in FreeRec()

Submitted by Thomas Meyer

Assigned to Xorg Project Team

Link to original bug (#93779)

Description

There seem to be a bug in the modesetting driver:

(gdb) p (modesettingPtr)((scrn)->driverPrivate) $6 = (struct _modesettingRec *) 0x0

driverPrivate is NULL. It is set to NULL in FreeRec function:

625│ return; 626│-> pScrn->driverPrivate = NULL; 627│ 628│ if (ms->fd > 0) { 629│ modesettingEntPtr ms_ent; 630│ int ret; 631│ 632├> ms_ent = ms_ent_priv(pScrn); 633│ ms_ent->fd_ref--; 634│ if (!ms_ent->fd_ref) { 635│ if (ms->pEnt->location.type == BUS_PCI) 636│ ret = drmClose(ms->fd); 637│ else 638│ #ifdef XF86_PDEV_SERVER_FD 639│ if (!(ms->pEnt->location.type == BUS_PLATFORM && /usr/src/debug/xorg-server-1.18.0/hw/xfree86/drivers/modesetting/driver.c

line 626 clears the pointer and in line 632 it's used later on again by ms_ent_priv().

See also https://bugzilla.redhat.com/show_bug.cgi?id=1273183

Version: git

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information