From b16219a19f48b52dda91f26fcbbbbeda056589ab Mon Sep 17 00:00:00 2001
From: Chris Wilson
Date: Sun, 11 Nov 2012 11:05:35 +0000
Subject: [PATCH] sna: Filter out the full-damage marker when undoing redirection
==25902== Invalid read of size 4
==25902== at 0x4980E13: _list_del (intel_list.h:218)
==25902== by 0x4980EAB: list_del (intel_list.h:240)
==25902== by 0x4981F4B: free_list (sna_damage.c:403)
==25902== by 0x4985131: __sna_damage_destroy (sna_damage.c:1467)
==25902== by 0x49A5276: sna_render_composite_redirect_done (sna_render.c:1921)
==25902== by 0x49C68FC: gen2_render_composite_done (gen2_render.c:1136)
==25902== by 0x497F90F: sna_composite (sna_composite.c:567)
==25902== by 0x4994725: glyphs_via_mask (sna_glyphs.c:1139)
==25902== by 0x4995FB7: sna_glyphs (sna_glyphs.c:1688)
==25902== by 0x8150EB4: ??? (in /usr/bin/Xorg)
==25902== by 0x813CA38: CompositeGlyphs (in /usr/bin/Xorg)
==25902== by 0x8146DE1: ??? (in /usr/bin/Xorg)
==25902== Address 0x7c079ac2 is not stack'd, malloc'd or (recently) free'd
Reported-by: bonbons67@internet.lu
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=56785
Signed-off-by: Chris Wilson
---
 src/sna/sna_render.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/sna/sna_render.c b/src/sna/sna_render.c
index 3cb14498..34c795b5 100644
--- a/src/sna/sna_render.c
+++ b/src/sna/sna_render.c
@@ -1914,11 +1914,13 @@ sna_render_composite_redirect_done(struct sna *sna,
 assert(ok);
 }
 if (t->damage) {
- DBG(("%s: combining damage, offset=(%d, %d)\n",
- __FUNCTION__, t->box.x1, t->box.y1));
- sna_damage_combine(t->real_damage, t->damage,
+ DBG(("%s: combining damage (all? %d), offset=(%d, %d)\n",
+ __FUNCTION__, DAMAGE_IS_ALL(t->damage),
+ t->box.x1, t->box.y1));
+ sna_damage_combine(t->real_damage,
+ DAMAGE_PTR(t->damage),
 t->box.x1, t->box.y1);
- __sna_damage_destroy(t->damage);
+ __sna_damage_destroy(DAMAGE_PTR(t->damage));
 }
 kgem_bo_destroy(&sna->kgem, op->dst.bo);
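Review bot: The marker bit is stripped only at the two call sites inside the `if (t->damage)` block, so any other caller that hands a marked pointer to `__sna_damage_destroy` or `sna_damage_combine` will still walk a list through a misaligned address, which is the invalid read in the trace. Consider unmasking once into a local, `struct sna_damage *damage = DAMAGE_PTR(t->damage);`, and adding `assert(!DAMAGE_IS_ALL(damage));` at the entry of `__sna_damage_destroy` (sna_damage.c, outside this diff) so a debug build stops before the list walk. The new DBG prints `DAMAGE_IS_ALL(t->damage)` with `%d`; if that macro yields a pointer-width integer, as it appears to, cast the argument to `int` to keep the varargs types matched. `t->damage` also keeps the freed (and still marked) value after the destroy, and since the function body continues outside the hunk it cannot be seen here whether it is read again; `t->damage = NULL;` after the destroy would make that safe either way.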