While the pixman image might be attached, the underlying buffer might be already gone under certain circumstances. This is easily reproduced by attempting to resize gnome-terminal on a fbdev backend.
A more proper fix (without skipping rendering of the surface) would need a change to Wayland API, so that the buffers are reference-counted in the same way as pools are, so that they would not release their pools if they are still needed.

$ WAYLAND_DEBUG=1 strace -emunmap weston --backend=fbdev-backend.so
...
[1524846.706] [email protected]_pool(new id wl_shm_pool@26, fd 40, 1545000)
[1524847.215] [email protected]_buffer(new id wl_buffer@27, 0, 750, 515, 3000, 0)
[1524847.735] [email protected]()
[1524847.953] -> [email protected]_id(24)
[1524848.144] [email protected]()
munmap(0xb5b2e000, 1563540) = 0
[1524849.021] -> [email protected]_id(23)
[1524849.425] [email protected](wl_buffer@27, 0, 0)
[1524849.730] [email protected]_buffer_scale(1)
[1524849.821] [email protected](0, 0, 750, 515)
<No commit yet, so drawing is attempted from older buffer that used to be attached to the surface, which happens to come from a destroyed pool, resulting in an invalid read from address 0xb5b2e000>

Signed-off-by: Lubomir Rintel <[email protected]>
---
A Perl-based reproducer is available here, in case it is more convenient to run than gnome-terminal: http://v3.sk/~lkundrak/pixman-crash.pl

 src/pixman-renderer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pixman-renderer.c b/src/pixman-renderer.c index b719829..6759a00 100644 --- a/src/pixman-renderer.c +++ b/src/pixman-renderer.c @@ -348,7 +348,7 @@ draw_view(struct weston_view *ev, struct weston_output *output, pixman_region32_t surface_blend; /* No buffer attached */ - if (!ps->image) + if (!ps->buffer_ref.buffer) return; pixman_region32_init(&repaint); -- 1.8.4.2
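Review bot: the new condition at the top of draw_view drops the `ps->image` test entirely, so a surface with a live `buffer_ref.buffer` but no pixman image now gets past the early return. If anything later in draw_view still reads `ps->image`, that path loses its NULL guard; checking both, as in `if (!ps->image || !ps->buffer_ref.buffer)`, keeps the old protection while adding the new one. The `/* No buffer attached */` comment would also benefit from a line saying why the buffer reference is tested rather than the image (the image can outlive the pool mapping it points into, as the munmap in the trace shows), since that is not obvious from the code alone. The commit message describes this as skipping rendering rather than a full fix, so a short comment or TODO pointing at the stale `ps->image` that remains attached would help the next reader.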
