xwayland: Use xwl_present_reset_timer in xwl_present_timer_callback
Apart from simplifying the code, this should also prevent a condition
(which might only be possible with the following fix) reported in
https://gitlab.freedesktop.org/wayland/weston/issues/115#note_52467:
1. xwl_present_timer_callback indirectly calls xwl_present_reset_timer
   -> xwl_present_free_timer
2. xwl_present_timer_callback then returns a non-0 value, so DoTimer
   calls TimerSet with the old xwl_present_window->frame_timer pointer
   which was freed in step 1 => use after free
Calling xwl_present_reset_timer explicitly passes NULL to TimerSet if
step 1 freed xwl_present_window->frame_timer, and it will allocate a new
one.
(cherry picked from commit 5e8b9a3a56)
			
			
This commit is contained in:
		
							parent
							
								
									cf8e064ec0
								
							
						
					
					
						commit
						47aed554b7
					
				|  | @ -216,24 +216,15 @@ xwl_present_timer_callback(OsTimerPtr timer, | ||||||
|                            void *arg) |                            void *arg) | ||||||
| { | { | ||||||
|     struct xwl_present_window *xwl_present_window = arg; |     struct xwl_present_window *xwl_present_window = arg; | ||||||
|     WindowPtr present_window = xwl_present_window->window; |  | ||||||
|     struct xwl_window *xwl_window = xwl_window_from_window(present_window); |  | ||||||
| 
 | 
 | ||||||
|     xwl_present_window->frame_timer_firing = TRUE; |     xwl_present_window->frame_timer_firing = TRUE; | ||||||
|     xwl_present_window->msc++; |     xwl_present_window->msc++; | ||||||
|     xwl_present_window->ust = GetTimeInMicros(); |     xwl_present_window->ust = GetTimeInMicros(); | ||||||
| 
 | 
 | ||||||
|     xwl_present_events_notify(xwl_present_window); |     xwl_present_events_notify(xwl_present_window); | ||||||
|  |     xwl_present_reset_timer(xwl_present_window); | ||||||
| 
 | 
 | ||||||
|     if (xwl_present_has_events(xwl_present_window)) { |     return 0; | ||||||
|         /* Still events, restart timer */ |  | ||||||
|         return xwl_present_is_flipping(present_window, xwl_window) ? TIMER_LEN_FLIP : |  | ||||||
|                                                                      TIMER_LEN_COPY; |  | ||||||
|     } else { |  | ||||||
|         /* No more events, do not restart timer and delete it instead */ |  | ||||||
|         xwl_present_free_timer(xwl_present_window); |  | ||||||
|         return 0; |  | ||||||
|     } |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void | static void | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue