Aurelien
/
xf86-video-intel
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

uxa: don't crash when freeing an uninitialized screen 

When intel_scrn_create creates a screen, it sets scrn->driverPrivate to
(void *)(match_data | 1).  Normally, this is read by I830PreInit and then
replaced with a pointer to the intel_screen_private structure.  However, it's
possible for the server to delete the screen before initializing it, which leads
to a crash in I830FreeScreen when it tries to interpret the unaligned match_data
pointer as a pointer to a intel_screen_private.

Fix this by checking the low bit of the pointer and skipping the teardown code
if it's set.

Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
This commit is contained in:
Aaron Plattner 2013-03-12 12:45:58 -07:00 committed by Chris Wilson
parent b1952e7902
commit ee0ed88a09
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/intel_driver.c
View File

@ -1093,7 +1093,7 @@ static void I830FreeScreen(FREE_SCREEN_ARGS_DECL)
SCRN_INFO_PTR(arg);
intel_screen_private *intel = intel_get_screen_private(scrn);
if (intel) {
if (intel && !((uintptr_t)intel & 1)) {
intel_mode_fini(intel);
intel_close_drm_master(intel);
intel_bufmgr_fini(intel);