On Tue, Mar 12, 2013 at 12:45:58PM -0700, Aaron Plattner wrote: > When intel_scrn_create creates a screen, it sets scrn->driverPrivate to > (void *)(match_data | 1). Normally, this is read by I830PreInit and then > replaced with a pointer to the intel_screen_private structure. However, it's > possible for the server to delete the screen before initializing it, which leads > to a crash in I830FreeScreen when it tries to interpret the unaligned match_data > pointer as a pointer to a intel_screen_private. > > Fix this by checking the low bit of the pointer and skipping the teardown code > if it's set. > > Signed-off-by: Aaron Plattner <aplattner at nvidia.com> Thanks, I had forgotten all about that path. Pushed, -Chris -- Chris Wilson, Intel Open Source Technology Centre
