This is how the crash can be triggered with only two clients on the system: Client A: (already running) Client B: Connect Client B: CreateGlyphSet(depthN) Client A: Disconnect Server: free globalGlyphs(depthN) Client B: AddGlyphs(depthN) Server: SEGV
This crash was introduced with the FindGlyphsByHash function in 516b96387b0e57b524a37a96da22dbeeeb041712. Before that revision, ResizeGlyphSet was always called before FindGlyphRef, which would re-create globalGlyphs(depthN) if necessary. X.Org Bug 20718 <http://bugs.freedesktop.org/show_bug.cgi?id=20718> Reviewed-by: Adam Jackson <a...@redhat.com> Signed-off-by: Peter Harris <phar...@opentext.com> --- Keith, Please apply directly. I haven't set up a tree that can be pulled from yet. render/glyph.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/render/glyph.c b/render/glyph.c index 0b864ad..f0f3b19 100644 --- a/render/glyph.c +++ b/render/glyph.c @@ -217,6 +217,9 @@ FindGlyphByHash (unsigned char sha1[20], int format) GlyphRefPtr gr; CARD32 signature = *(CARD32 *) sha1; + if (!globalGlyphs[format].hashSet) + return NULL; + gr = FindGlyphRef (&globalGlyphs[format], signature, TRUE, sha1); -- 1.7.0.2 _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel