desktop-packages team mailing list archive

[Bug 1221616] [NEW] xmir_resize() releases a pixmap it does not own, leading to freed memory reads

 

You have been subscribed to a public bug:

==32480== Invalid read of size 4
==32480==    at 0xA22E394: sna_dri_create_buffer (sna_dri.c:252)
==32480==    by 0x27BF7A: allocate_or_reuse_buffer.isra.6 (dri2.c:448)
==32480==    by 0x27CCE6: do_get_buffers (dri2.c:573)
==32480==    by 0x27D11F: DRI2GetBuffersWithFormat (dri2.c:690)
==32480==    by 0x27EAFF: ProcDRI2Dispatch (dri2ext.c:306)
==32480==    by 0x15CFCD: Dispatch (dispatch.c:432)
==32480==    by 0x14C529: main (main.c:298)
==32480==  Address 0xb98d18c is 12 bytes inside a block of size 120 free'd
==32480==    at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==32480==    by 0xA19FC6D: sna_destroy_pixmap.part.69 (sna_accel.c:1393)
==32480==    by 0xA19FCBE: sna_destroy_pixmap (sna_accel.c:1347)
==32480==    by 0x234DC0: damageDestroyPixmap (damage.c:1559)
==32480==    by 0x1F7B68: XvDestroyPixmap (xvmain.c:372)
==32480==    by 0x1F66BE: ShmDestroyPixmap (shm.c:273)
==32480==    by 0x86987D5: xmir_resize (xmir-output.c:453)
==32480==    by 0x1DA7D6: xf86RandR12ScreenSetSize (xf86RandR12.c:699)
==32480==    by 0x22231A: ProcRRSetScreenSize (rrscreen.c:286)
==32480==    by 0x15CFCD: Dispatch (dispatch.c:432)
==32480==    by 0x14C529: main (main.c:298)

** Affects: xorg-server (Ubuntu)
     Importance: Critical
     Assignee: Chris Halse Rogers (raof)
         Status: Triaged


** Tags: make-xmir-default
-- 
xmir_resize() releases a pixmap it does not own, leading to freed memory reads
https://bugs.launchpad.net/bugs/1221616
You received this bug notification because you are a member of Desktop Packages, which is subscribed to xorg-server in Ubuntu.