randr: Catch two more potential unset rrScrPriv uses
Ricardo Salveti <ricardo.salveti@linaro.org> found one place where the randr code could use the randr screen private data without checking for null first. This happens when the X server is running with multiple screens, some of which are randr enabled and some of which are not. Applications making protocol requests to the non-randr screens can cause segfaults where the server touches the unset private structure. I audited the code and found two more possible problem spots; the trick to auditing for this issue was to look for functions not taking a RandR data structure and where there was no null screen private check above them in the call graph. Signed-off-by: Keith Packard <keithp@keithp.com>
This commit is contained in:
Keith Packard
parent
32603f57ca
commit
855003c333
|
|
@ -546,7 +546,8 @@ ProcRRSetOutputPrimary(ClientPtr client)
|
|||
}
|
||||
|
||||
pScrPriv = rrGetScrPriv(pWin->drawable.pScreen);
|
||||
RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
|
||||
if (pScrPriv)
|
||||
RRSetPrimaryOutput(pWin->drawable.pScreen, pScrPriv, output);
|
||||
|
||||
return Success;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -248,6 +248,9 @@ ProcRRSetScreenSize(ClientPtr client)
|
|||
|
||||
pScreen = pWin->drawable.pScreen;
|
||||
pScrPriv = rrGetScrPriv(pScreen);
|
||||
if (!pScrPriv)
|
||||
return BadMatch;
|
||||
|
||||
if (stuff->width < pScrPriv->minWidth || pScrPriv->maxWidth < stuff->width) {
|
||||
client->errorValue = stuff->width;
|
||||
return BadValue;
|
||||
|
|
|
|||
Loading…
Reference in New Issue