compositor: Do not trigger invalid destructors when hotunplugging
When hotunplugging a display, the compositor will tear the top-level wet_output object down, freeing its memory. However, destruction of the backend output might be delayed in certain situations (e.g. destroying DRM output while in the middle of a page flip). When the backend output is finally destroyed, it will trigger a destruction callback previously added by the compositor, which point to data belonging to the top-level wet_output object. In order to avoid access to invalid data when the backend output is destroyed after the top-level wet_output object, remove the destruction callback from the corresponding list before freeing the object. Signed-off-by: Miguel A Vico Moya <mvicomoya@nvidia.com>
This commit is contained in:
Miguel A. Vico
parent
620f68dc4f
commit
5c5f0272d9
@ -1859,8 +1859,16 @@ wet_output_from_weston_output(struct weston_output *base)
|
||||
static void
|
||||
wet_output_destroy(struct wet_output *output)
|
||||
{
|
||||
if (output->output)
|
||||
weston_output_destroy(output->output);
|
||||
if (output->output) {
|
||||
/* output->output destruction may be deferred in some cases (see
|
||||
* drm_output_destroy()), so we need to forcibly trigger the
|
||||
* destruction callback now, or otherwise would later access
|
||||
* data that we are about to free
|
||||
*/
|
||||
struct weston_output *save = output->output;
|
||||
wet_output_handle_destroy(&output->output_destroy_listener, save);
|
||||
weston_output_destroy(save);
|
||||
}
|
||||
|
||||
wl_list_remove(&output->link);
|
||||
free(output);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user