Since "Make PixmapDirtyUpdateRec::src a DrawablePtr" in xserver, the "src" pointer might point to the root window (created by the server) instead of a pixmap (as created by xf86-video-intel). Use get_drawable_pixmap to handle both cases.

When built with -fsanitize=address, the following test on a hybrid graphics laptop will trigger a heap-buffer-overflow error due to to_sna_from_pixmap receiving a window instead of a pixmap:

    xrandr --setprovideroutputsource modesetting Intel
    xrandr --output DP-1-1 --mode 2560x1440  # should not crash
    glxgears  # should display gears on both screens

With nouveau instead of modesetting, it does not crash but the external monitor remains blank aside from a mouse cursor. This patch fixes both.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=100086
Signed-off-by: Peter Wu <peter@xxxxxxxxxxxxx>
---
 v1: https://lists.freedesktop.org/archives/intel-gfx/2018-August/173522.html
 v2: rebased on current master (2.99.917-893-gbff5eca4), reworded commit.

This patch has been tested at https://bugs.archlinux.org/task/64238, I have additionally tested it with both modesetting and nouveau under ASAN, the modesetting ASAN trace for unpatched intel can be found at: https://bugs.freedesktop.org/show_bug.cgi?id=100086#c24

commit 2.99.917-891-g581ddc5d ("sna: Fix compiler warnings due to DrawablePtr vs. PixmapPtr") incorporated all compiler warning fixes from v1 of this patch, but unfortunately lacks this crucial bugfix.
---
 src/sna/sna_accel.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/sna/sna_accel.c b/src/sna/sna_accel.c index fa386ff6..ee857a14 100644 --- a/src/sna/sna_accel.c +++ b/src/sna/sna_accel.c 
@@ -17684,10 +17684,10 @@ static void sna_accel_post_damage(struct sna *sna) continue; #ifdef HAS_DIRTYTRACKING_DRAWABLE_SRC - assert(dirty->src->type == DRAWABLE_PIXMAP); + src = get_drawable_pixmap(dirty->src); +#else + src = dirty->src; #endif - - src = (PixmapPtr)dirty->src; dst = dirty->slave_dst->master_pixmap; region.extents.x1 = dirty->x; -- 2.23.0
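
Review bot: In the HAS_DIRTYTRACKING_DRAWABLE_SRC branch, the result of get_drawable_pixmap(dirty->src) is used without any check, and the unchanged line that follows, region.extents.x1 = dirty->x, still treats dirty->x as a coordinate in that pixmap. That holds when src is a pixmap or a window whose backing pixmap shares its origin, but the removed assert was the only statement of what dirty->src may be. A short comment above the new assignment saying that src can now be a window, plus an assert that the returned pixmap is non-NULL, would keep the invariant visible. In the #else branch the (PixmapPtr) cast is dropped from src = dirty->src; that is fine only if dirty->src is already a PixmapPtr there, which is worth confirming against the struct definition for servers without the DrawablePtr change.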