GNOME Bugzilla – Bug 762908
wayland: crash if cogl_wayland_texture_2d_new_from_buffer() returns NULL
Last modified: 2016-03-01 09:20:43 UTC
Description:

If cogl_wayland_texture_2d_new_from_buffer() fails and returns NULL, mutter will crash while trying to unref the cogl texture.

Steps to reproduce:
1. Run gnome-shell
2. Open xterm
3. Move the mouse

Actual results:
Crash with the following backtrace:

#0  cogl_object_unref (obj=0x0) at cogl-object.c:112
#1  0x00007ffff36f9cba in update_cursor_sprite_texture (surface=surface@entry=0x886060) at wayland/meta-wayland-pointer.c:991
#2  0x00007ffff36f9e24 in pointer_set_cursor (client=0x880a20, resource=0x25f1000, serial=4, surface_resource=<optimized out>, hot_x=4, hot_y=4) at wayland/meta-wayland-pointer.c:1087
#3  0x00007fffea4f7d30 in ffi_call_unix64 () from /lib64/libffi.so.6
#4  0x00007fffea4f779b in ffi_call () from /lib64/libffi.so.6
#5  0x00007fffea704e4a in wl_closure_invoke (closure=closure@entry=0x2e236e0, flags=flags@entry=2, target=target@entry=0x25f1000, opcode=opcode@entry=0, data=data@entry=0x880a20) at src/connection.c:949
#6  0x00007fffea7015a6 in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>, data=0x880a20) at src/wayland-server.c:337
#7  0x00007fffea703232 in wl_event_loop_dispatch (loop=0x64f700, timeout=timeout@entry=0) at src/event-loop.c:421
#8  0x00007ffff36f20a7 in wayland_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at wayland/meta-wayland.c:77
#9  0x00007fffeb1c6cfa in g_main_dispatch (context=0x64d270) at gmain.c:3154
#10 g_main_context_dispatch (context=context@entry=0x64d270) at gmain.c:3769
#11 0x00007fffeb1c7058 in g_main_context_iterate (context=0x64d270, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840
#12 0x00007fffeb1c7372 in g_main_loop_run (loop=0x87ef00) at gmain.c:4034
#13 0x00007ffff36c63fc in meta_run () at core/main.c:537
#14 0x00000000004026e7 in main (argc=1, argv=0x7fffffffdba8) at main.c:471

Expected result:
No crash

Additional data:
Not sure why this bug shows up now, never seen that before, but given that cogl_wayland_texture_2d_new_from_buffer() can (and will) return NULL in some error case, we might as well check for that and not crash.
Created attachment 322726 [details] [review]
wayland: Do not crash if cogl texture is NULL

cogl_wayland_texture_2d_new_from_buffer() may return NULL in which case mutter will crash while trying to unref the resulting texture.
Review of attachment 322726 [details] [review]:

Maybe because we release the wl_buffer quite early. This means we can't really create the texture here, because we have already released the wl_buffer. This makes me wonder, why are we even creating the texture here? It should already have been created at surface->buffer->texture. FWIW, this seems related to bug 762828.
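The two fixes discussed in this bug side by side, as an added example that is not mutter or cogl code: a small C model with hypothetical stand-ins (Texture, Buffer, Surface, texture_new_from_buffer, texture_unref, run_scenario) for the cogl/mutter types, showing the NULL check taken in attachment 322726 next to comment 7's suggestion of reusing the texture that was already created when the buffer was attached, with refcounts tracked so the result can be checked.

```c
#include <stdbool.h>
#include <stddef.h>
/* Hypothetical stand-ins for CoglTexture, MetaWaylandBuffer and MetaWaylandSurface. */
typedef struct { int refcount; } Texture;
typedef struct { bool released; Texture *texture; } Buffer;
typedef struct { Buffer *buffer; Texture *cursor_texture; } Surface;
static Texture pool[8]; static int pool_used;

/* Stand-in for cogl_wayland_texture_2d_new_from_buffer(): returns NULL once the
 * wl_buffer has been released, which is the error case the report hit. */
Texture *texture_new_from_buffer(const Buffer *buf) {
    if (buf == NULL || buf->released || pool_used >= 8) return NULL;
    pool[pool_used].refcount = 1;
    return &pool[pool_used++];
}
/* Like cogl_object_unref(), this dereferences its argument: NULL here is the
 * SIGSEGV in frame #0 of the backtrace. */
void texture_unref(Texture *t) { t->refcount--; }
/* Transfers one reference on t (never NULL) to the cursor sprite. */
static void set_cursor_texture(Surface *s, Texture *t) {
    if (s->cursor_texture) texture_unref(s->cursor_texture);
    s->cursor_texture = t;
}
/* Fix as in attachment 322726: check the result, keep the old cursor on failure. */
bool update_cursor_checked(Surface *s) {
    Texture *t = texture_new_from_buffer(s->buffer);
    if (t == NULL) return false;
    set_cursor_texture(s, t);
    return true;
}
/* Fix as comment 7 suggests: reuse the texture created when the buffer was attached. */
bool update_cursor_from_surface(Surface *s) {
    Texture *t = s->buffer ? s->buffer->texture : NULL;
    if (t == NULL) return false;
    t->refcount++;                          /* cogl_object_ref() */
    set_cursor_texture(s, t);
    return true;
}
/* Replays the report: texture created at attach, wl_buffer released early, then
 * set_cursor arrives. Returns 0 if both fixes behave, else the failing step. */
int run_scenario(void) {
    Buffer b = { false, NULL };
    Surface s = { &b, NULL };
    b.texture = texture_new_from_buffer(&b);     /* created at commit time */
    b.released = true;                           /* released before set_cursor */
    if (b.texture == NULL) return 1;
    if (update_cursor_checked(&s)) return 2;     /* must fail, must not crash */
    if (s.cursor_texture != NULL) return 3;
    if (!update_cursor_from_surface(&s)) return 4;
    return (s.cursor_texture == b.texture && b.texture->refcount == 2) ? 0 : 5;
}
```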
Yes, attachment 322599 [details] [review] from bug 762828 would fix it the same indeed.

*** This bug has been marked as a duplicate of bug 762828 ***