Hi all,

There are a few (rare) occurrences of a crash in glamor with largepixmap(), and I traced it back to an overflow in glamor_compute_transform_clipped_regions() when copying the box32 back into a box16.

The following two (trivial) patches do two things:

1. Make sure the values do not overflow when copying back to box16. Another possibility would be to use a pixman_region32_t but I suspect this would be a more intrusive change, a decision that I would rather leave to glamor maintainers. Meanwhile this patch is enough to avoid the crash in the Xserver.

2. COMPOSITE_REGION() is a macro that can pass NULL as the source pixmap, but the glamor_composite_clipped_region() won't handle that well at all; simply check that source is not NULL in glamor_composite_clipped_region().

   That one is not required if we have the overflow check in place, but logically, if the macro can substitute an argument with NULL to the function being called, I reckon it makes sense to check that the given argument is not NULL in the callee.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=101894

Cheers,
Olivier

Olivier Fourdan (2):
  glamor: handle NULL source pixmap
  glamor: Avoid overflow between box32 and box16 box

 glamor/glamor_largepixmap.c | 11 ++++++-----
 glamor/glamor_render.c      |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

-- 
2.13.3
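
An added illustration of the failure mode described in the message above, not code from the patches or from glamor: the type and function names are hypothetical stand-ins for the 32-bit and 16-bit box structures, and the sample box is constructed. It shows how unchecked narrowing wraps a large coordinate into a negative one and inverts the box, while saturating to the int16_t range keeps it well-formed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the 32-bit and 16-bit box types. */
typedef struct { int32_t x1, y1, x2, y2; } box32;
typedef struct { int16_t x1, y1, x2, y2; } box16;

/* Constructed sample: a region wider than int16_t can represent. */
const box32 SAMPLE_WIDE = { 0, 0, 40000, 100 };

/* Keep only the low 16 bits, as an unchecked narrowing does on
 * two's-complement targets (spelled out to avoid implementation-defined casts). */
static int16_t wrap16(int32_t v)
{
    int32_t low = (int32_t)((uint32_t)v & 0xFFFFu);
    return (int16_t)(low >= 0x8000 ? low - 0x10000 : low);
}

/* Saturate into [INT16_MIN, INT16_MAX]. */
static int16_t clamp16(int32_t v)
{
    if (v > INT16_MAX) return INT16_MAX;
    if (v < INT16_MIN) return INT16_MIN;
    return (int16_t)v;
}

box16 narrow_truncate(box32 b)
{
    box16 r = { wrap16(b.x1), wrap16(b.y1), wrap16(b.x2), wrap16(b.y2) };
    return r;
}

box16 narrow_clamp(box32 b)
{
    box16 r = { clamp16(b.x1), clamp16(b.y1), clamp16(b.x2), clamp16(b.y2) };
    return r;
}

/* A box is usable only if it has positive width and height. */
int box16_valid(box16 b) { return b.x1 < b.x2 && b.y1 < b.y2; }

int main(void)
{
    box16 t = narrow_truncate(SAMPLE_WIDE), c = narrow_clamp(SAMPLE_WIDE);
    printf("truncate: x2=%d valid=%d\n", t.x2, box16_valid(t));
    printf("clamp:    x2=%d valid=%d\n", c.x2, box16_valid(c));
    return 0;
}
```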