nordic-dev.net/wlroots
2
0
Fork 0
mirror of https://gitlab.freedesktop.org/wlroots/wlroots.git synced 2024-11-25 00:22:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

backend/drm: fix a use-after-free

Browse Source 
The page_flip can be destroyed, but it is unconditionally accessed later
on when setting present_flags. Fix this by simply setting the
present_flags before the page_flip gets destroyed.
This commit is contained in:
Dudemanguy 2024-08-19 11:33:36 -05:00 committed by Alexander Orzechowski
parent b4f077a596
commit 3d2f09bace
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
backend/drm/drm.c
View File

@ -2018,6 +2018,12 @@ static void handle_page_flip(int fd, unsigned seq,
if (conn != NULL) { if (conn != NULL) {
conn->pending_page_flip = NULL; conn->pending_page_flip = NULL;
} }
uint32_t present_flags = WLR_OUTPUT_PRESENT_HW_CLOCK | WLR_OUTPUT_PRESENT_HW_COMPLETION;
if (!page_flip->async) {
present_flags |= WLR_OUTPUT_PRESENT_VSYNC;
}
if (page_flip->connectors_len == 0) { if (page_flip->connectors_len == 0) {
drm_page_flip_destroy(page_flip); drm_page_flip_destroy(page_flip);
} }
@ -2048,10 +2054,6 @@ static void handle_page_flip(int fd, unsigned seq,
drm_fb_move(&layer->current_fb, &layer->queued_fb); drm_fb_move(&layer->current_fb, &layer->queued_fb);
} }
uint32_t present_flags = WLR_OUTPUT_PRESENT_HW_CLOCK | WLR_OUTPUT_PRESENT_HW_COMPLETION;
if (!page_flip->async) {
present_flags |= WLR_OUTPUT_PRESENT_VSYNC;
}
/* Don't report ZERO_COPY in multi-gpu situations, because we had to copy /* Don't report ZERO_COPY in multi-gpu situations, because we had to copy
* data between the GPUs, even if we were using the direct scanout * data between the GPUs, even if we were using the direct scanout
* interface. * interface.