From: Pekka Paalanen <[email protected]> Since shm_pool_resize() uses mremap(MREMAP_MAYMOVE), the pool's base address may change at that point.
If a compositor stores the pointer and a client enlarges the pool, the compositor will have a stale pointer. Signed-off-by: Pekka Paalanen <[email protected]> --- src/wayland-shm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/wayland-shm.c b/src/wayland-shm.c index a4343a4..7e42dcb 100644 --- a/src/wayland-shm.c +++ b/src/wayland-shm.c @@ -348,6 +348,10 @@ wl_shm_buffer_get_stride(struct wl_shm_buffer *buffer) * to crash you should call wl_shm_buffer_begin_access and * wl_shm_buffer_end_access around code that reads from the memory. * + * @note The return value of this function must not be stored across + * dispatching client requests. If a client resizes the underlying shm pool, + * the resize request handler will remap, and the pool base address may change. + * * \memberof wl_shm_buffer */ WL_EXPORT void * -- 2.4.10 _______________________________________________ wayland-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/wayland-devel
