From 766d90f1a201d8fd19e49df14d712efbb82223b4 Mon Sep 17 00:00:00 2001 From: Michel Dänzer Date: Wed, 10 Mar 2010 18:26:25 +0100 Subject: st/xorg: Work around cursor reference counting bugs in older X servers. Could result in use of freed memory and consequently random crashes, e.g. on screen resize. (cherry picked from commit 21c91b410a2a2cbf8eb677e59e3322f86320f2b0) Conflicts: src/gallium/state_trackers/xorg/xorg_tracker.h --- src/gallium/state_trackers/xorg/xorg_crtc.c | 14 ++++++++++++++ src/gallium/state_trackers/xorg/xorg_driver.c | 5 +++++ src/gallium/state_trackers/xorg/xorg_tracker.h | 1 + 3 files changed, 20 insertions(+) (limited to 'src/gallium/state_trackers') diff --git a/src/gallium/state_trackers/xorg/xorg_crtc.c b/src/gallium/state_trackers/xorg/xorg_crtc.c index 000ec9048f5..53a3c5c2b7d 100644 --- a/src/gallium/state_trackers/xorg/xorg_crtc.c +++ b/src/gallium/state_trackers/xorg/xorg_crtc.c @@ -275,7 +275,21 @@ err_bo_destroy: static void crtc_load_cursor_argb(xf86CrtcPtr crtc, CARD32 * image) { + xf86CrtcConfigPtr config = XF86_CRTC_CONFIG_PTR(crtc->scrn); modesettingPtr ms = modesettingPTR(crtc->scrn); + + /* Older X servers have cursor reference counting bugs leading to use of + * freed memory and consequently random crashes. Should be fixed as of + * xserver 1.8, but this workaround shouldn't hurt anyway. + */ + if (config->cursor) + config->cursor->refcnt++; + + if (ms->cursor) + FreeCursor(ms->cursor, None); + + ms->cursor = config->cursor; + if (ms->screen) crtc_load_cursor_argb_ga3d(crtc, image); #ifdef HAVE_LIBKMS diff --git a/src/gallium/state_trackers/xorg/xorg_driver.c b/src/gallium/state_trackers/xorg/xorg_driver.c index 8fb6e5a96dd..d7c67463d21 100644 --- a/src/gallium/state_trackers/xorg/xorg_driver.c +++ b/src/gallium/state_trackers/xorg/xorg_driver.c @@ -922,6 +922,11 @@ drv_close_screen(int scrnIndex, ScreenPtr pScreen) drv_leave_vt(scrnIndex, 0); } + if (ms->cursor) { + FreeCursor(ms->cursor, None); + ms->cursor = NULL; + } + if (cust && cust->winsys_screen_close) cust->winsys_screen_close(cust); diff --git a/src/gallium/state_trackers/xorg/xorg_tracker.h b/src/gallium/state_trackers/xorg/xorg_tracker.h index 2f5cc64d9c5..c1884ebd115 100644 --- a/src/gallium/state_trackers/xorg/xorg_tracker.h +++ b/src/gallium/state_trackers/xorg/xorg_tracker.h @@ -90,6 +90,7 @@ typedef struct _modesettingRec Bool noAccel; Bool SWCursor; + CursorPtr cursor; CloseScreenProcPtr CloseScreen; /* Broken-out options. */ -- cgit v1.2.3