mirror of
https://gitlab.freedesktop.org/xorg/xserver.git
synced 2026-02-15 04:30:35 +01:00
dix: keep a ref to the rootCursor
CreateCursor returns a cursor with refcount 1 - that refcount is used by
the resource system, any caller needs to call RefCursor to get their own
reference. That happens correctly for normal cursors but for our
rootCursor we keep a variable to the cursor despite not having a ref for
ourselves.
Fix this by reffing/unreffing the rootCursor to ensure our pointer is
valid.
Related to CVE-2025-26594, ZDI-CAN-25544
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit b0a09ba602)
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830>
This commit is contained in:
Peter Hutterer
Alan Coopersmith
parent
fb6dd658d7
commit
077944f99e
1 changed files with 4 additions and 0 deletions
|
|
@ -231,6 +231,8 @@ dix_main(int argc, char *argv[], char *envp[])
|
|||
FatalError("could not open default cursor font");
|
||||
}
|
||||
|
||||
rootCursor = RefCursor(rootCursor);
|
||||
|
||||
#ifdef PANORAMIX
|
||||
/*
|
||||
* Consolidate window and colourmap information for each screen
|
||||
|
|
@ -271,6 +273,8 @@ dix_main(int argc, char *argv[], char *envp[])
|
|||
|
||||
Dispatch();
|
||||
|
||||
UnrefCursor(rootCursor);
|
||||
|
||||
UndisplayDevices();
|
||||
DisableAllDevices();
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue