frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

composite: Fix use-after-free in compReparentWindow 

If an implicitly redirected window is unredirected by the reparent
operation, cw will be a stale pointer.

Signed-off-by: Peter Harris <pharris@opentext.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
This commit is contained in:
Peter Harris 2018-02-22 18:07:38 -05:00 committed by Adam Jackson
parent ac13d740bf
commit efd84bff23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
composite/compwindow.c
View File

@ -432,7 +432,7 @@ compReparentWindow(WindowPtr pWin, WindowPtr pPriorParent)
{ {
ScreenPtr pScreen = pWin->drawable.pScreen; ScreenPtr pScreen = pWin->drawable.pScreen;
CompScreenPtr cs = GetCompScreen(pScreen); CompScreenPtr cs = GetCompScreen(pScreen);
CompWindowPtr cw = GetCompWindow(pWin); CompWindowPtr cw;
pScreen->ReparentWindow = cs->ReparentWindow; pScreen->ReparentWindow = cs->ReparentWindow;
/* /*
@ -471,6 +471,7 @@ compReparentWindow(WindowPtr pWin, WindowPtr pPriorParent)
cs->ReparentWindow = pScreen->ReparentWindow; cs->ReparentWindow = pScreen->ReparentWindow;
pScreen->ReparentWindow = compReparentWindow; pScreen->ReparentWindow = compReparentWindow;
cw = GetCompWindow(pWin);
if (pWin->damagedDescendants || (cw && cw->damaged)) if (pWin->damagedDescendants || (cw && cw->damaged))
compMarkAncestors(pWin); compMarkAncestors(pWin);