Commit 19dae293 authored by Dmitry Antipov's avatar Dmitry Antipov

Avoid crashes when X fonts are erroneously freed on reused X

'Display *' connection data (Bug#16069).  Note that X font
resources still may be leaked, but currently there is no way
to completely avoid it.
* xterm.h (struct x_display_info): New member x_id.  Add comments.
* xterm.c (x_display_id): New variable.
(x_term_init): Assign identifier to each opened X connection.
* xfont.c (struct xfont): New member x_display_id.
(xfont_open): Initialize it with frame's display id.
(xfont_close): Check whether font's display id matches the one
recorded for the given display.  Adjust comment.
* xftfont.c (struct xftfont_info):
(xftfont_open, xftfont_close): Exactly as above with xfont stuff.
parent 8c1c7611
......@@ -6,6 +6,20 @@
(Fframe_font_cache) [FONT_DEBUG]: New function.
(syms_of_font) [FONT_DEBUG]: Defsubr it.
Avoid crashes when X fonts are erroneously freed on reused X
'Display *' connection data (Bug#16069). Note that X font
resources still may be leaked, but currently there is no way
to completely avoid it.
* xterm.h (struct x_display_info): New member x_id. Add comments.
* xterm.c (x_display_id): New variable.
(x_term_init): Assign identifier to each opened X connection.
* xfont.c (struct xfont): New member x_display_id.
(xfont_open): Initialize it with frame's display id.
(xfont_close): Check whether font's display id matches the one
recorded for the given display. Adjust comment.
* xftfont.c (struct xftfont_info):
(xftfont_open, xftfont_close): Exactly as above with xfont stuff.
2014-03-01 Martin Rudalics <rudalics@gmx.at>
Consider Vother_window_scroll_buffer valid iff it's a live buffer.
......
......@@ -42,6 +42,7 @@ struct xfont_info
struct font font;
Display *display;
XFontStruct *xfont;
unsigned x_display_id;
};
/* Prototypes of support functions. */
......@@ -808,6 +809,7 @@ xfont_open (struct frame *f, Lisp_Object entity, int pixel_size)
font = XFONT_OBJECT (font_object);
((struct xfont_info *) font)->xfont = xfont;
((struct xfont_info *) font)->display = FRAME_X_DISPLAY (f);
((struct xfont_info *) font)->x_display_id = FRAME_DISPLAY_INFO (f)->x_id;
font->pixel_size = pixel_size;
font->driver = &xfont_driver;
font->encoding_charset = encoding->id;
......@@ -892,12 +894,20 @@ xfont_open (struct frame *f, Lisp_Object entity, int pixel_size)
static void
xfont_close (struct font *font)
{
struct x_display_info *xdi;
struct xfont_info *xfi = (struct xfont_info *) font;
/* This function may be called from GC when X connection is gone
(Bug#16093), and an attempt to free font resources on invalid
display may lead to X protocol errors or segfaults. */
if (xfi->xfont && x_display_info_for_display (xfi->display))
display may lead to X protocol errors or segfaults. Moreover,
the memory referenced by 'Display *' pointer may be reused for
the logically different X connection after the previous display
connection was closed. That's why we also check whether font's
ID matches the one recorded in x_display_info for this display.
See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16069. */
if (xfi->xfont
&& ((xdi = x_display_info_for_display (xfi->display))
&& xfi->x_display_id == xdi->x_id))
{
block_input ();
XFreeFont (xfi->display, xfi->xfont);
......
......@@ -59,6 +59,7 @@ struct xftfont_info
FT_Matrix matrix;
Display *display;
XftFont *xftfont;
unsigned x_display_id;
};
/* Structure pointed by (struct face *)->extra */
......@@ -372,6 +373,7 @@ xftfont_open (struct frame *f, Lisp_Object entity, int pixel_size)
xftfont_info = (struct xftfont_info *) font;
xftfont_info->display = display;
xftfont_info->xftfont = xftfont;
xftfont_info->x_display_id = FRAME_DISPLAY_INFO (f)->x_id;
/* This means that there's no need of transformation. */
xftfont_info->matrix.xx = 0;
if (FcPatternGetMatrix (xftfont->pattern, FC_MATRIX, 0, &matrix)
......@@ -481,6 +483,7 @@ xftfont_open (struct frame *f, Lisp_Object entity, int pixel_size)
static void
xftfont_close (struct font *font)
{
struct x_display_info *xdi;
struct xftfont_info *xftfont_info = (struct xftfont_info *) font;
#ifdef HAVE_LIBOTF
......@@ -493,7 +496,8 @@ xftfont_close (struct font *font)
/* See comment in xfont_close. */
if (xftfont_info->xftfont
&& x_display_info_for_display (xftfont_info->display))
&& ((xdi = x_display_info_for_display (xftfont_info->display))
&& xftfont_info->x_display_id == xdi->x_id))
{
block_input ();
XftUnlockFace (xftfont_info->xftfont);
......
......@@ -9679,6 +9679,10 @@ my_log_handler (const gchar *log_domain, GLogLevelFlags log_level,
}
#endif
/* Current X display connection identifier. Incremented for each next
connection established. */
static unsigned x_display_id;
/* Open a connection to X display DISPLAY_NAME, and return
the structure that describes the open display.
If we cannot contact the display, return null. */
......@@ -9896,6 +9900,7 @@ x_term_init (Lisp_Object display_name, char *xrm_option, char *resource_name)
lim = min (PTRDIFF_MAX, SIZE_MAX) - sizeof "@";
if (lim - SBYTES (Vinvocation_name) < SBYTES (Vsystem_name))
memory_full (SIZE_MAX);
dpyinfo->x_id = ++x_display_id;
dpyinfo->x_id_name = xmalloc (SBYTES (Vinvocation_name)
+ SBYTES (Vsystem_name) + 2);
strcat (strcat (strcpy (dpyinfo->x_id_name, SSDATA (Vinvocation_name)), "@"),
......
......@@ -198,6 +198,10 @@ struct x_display_info
mouse-face. */
Mouse_HLInfo mouse_highlight;
/* Logical identifier of this display. */
unsigned x_id;
/* Default name for all frames on this display. */
char *x_id_name;
/* The number of fonts opened for this display. */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment