From 6c442fc4f7d84508665dfdee8a75ec91f50395dc Mon Sep 17 00:00:00 2001 From: "Jasper St. Pierre" Date: Mon, 30 Jun 2014 15:28:16 -0400 Subject: [PATCH] xwayland-input: Fix a crasher for a race with the Wayland compositor If something quickly maps and unmaps a window, then we'll immediately create and destroy the Wayland surface that corresponds to that window. If our mouse pointer is over the window when the surface is created, we'll receive an enter on the window. Since resource creation and destruction is not synchronous, that means that the compositor will queue up an event for a resource that's eventually destroyed. On the client-side, when we receive this message, we note that the resource isn't allocated, and get a NULL surface in our enter handler. We immediately try to dereference this, and then crash. This was caused by running gtkperf while moving the window a lot. Reviewed-by: Daniel Stone Signed-off-by: Jasper St. Pierre --- hw/xwayland/xwayland-input.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hw/xwayland/xwayland-input.c b/hw/xwayland/xwayland-input.c index cc5f7df05..b8c543ce4 100644 --- a/hw/xwayland/xwayland-input.c +++ b/hw/xwayland/xwayland-input.c @@ -152,6 +152,15 @@ pointer_handle_enter(void *data, struct wl_pointer *pointer, ScreenPtr pScreen = xwl_seat->xwl_screen->screen; ValuatorMask mask; + /* There's a race here where if we create and then immediately + * destroy a surface, we might end up in a state where the Wayland + * compositor sends us an event for a surface that doesn't exist. + * + * Don't process enter events in this case. + */ + if (surface == NULL) + return; + xwl_seat->xwl_screen->serial = serial; xwl_seat->pointer_enter_serial = serial;
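Review bot: The early return in pointer_handle_enter sits above `xwl_seat->xwl_screen->serial = serial;` and `xwl_seat->pointer_enter_serial = serial;`, so an enter event for an already-destroyed surface also discards its serial. If later code relies on those fields holding the most recent serial from the compositor, consider recording the serial first and returning afterwards; otherwise, extend the comment to say that skipping the serial update is intentional. The diffstat shows this is the only function touched (9 insertions), so it is also worth checking whether the other handlers in hw/xwayland/xwayland-input.c that receive a surface argument can hit the same create/destroy race and need the same `surface == NULL` guard, since each unguarded one remains a NULL dereference reachable from compositor-sent events.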