bugfix: add null check on output gbm on pageflip

The gbm for the output might be null for the pageflip in the case that
the output has been disconnected. The gbm might be set to null by
wlr_drm_output_cleanup() in this case.

If the output is cleaned up before the pageflip, then a double free
will crash the compositor on the call to gbm_surface_release_buffer()
in the pageflip handler. The outputs buffer object bo[1] will point to
invalid memory.
This commit is contained in:
Tony Crisci 2017-07-24 19:50:13 -04:00
parent 13f3c69ec6
commit 8b6dc48355

View file

@ -631,7 +631,7 @@ static void page_flip_handler(int fd, unsigned seq,
struct wlr_backend_state *state = struct wlr_backend_state *state =
wl_container_of(output->renderer, state, renderer); wl_container_of(output->renderer, state, renderer);
if (output->bo[1]) { if (output->gbm && output->bo[1]) {
gbm_surface_release_buffer(output->gbm, output->bo[1]); gbm_surface_release_buffer(output->gbm, output->bo[1]);
output->bo[1] = NULL; output->bo[1] = NULL;
} }