[Emacs-diffs] trunk r116642: Avoid crashes when X fonts are erroneously

emacs-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Emacs-diffs] trunk r116642: Avoid crashes when X fonts are erroneously

From:	Dmitry Antipov
Subject:	[Emacs-diffs] trunk r116642: Avoid crashes when X fonts are erroneously freed on reused X
Date:	Mon, 03 Mar 2014 08:28:33 +0000
User-agent:	Bazaar (2.6b2)

------------------------------------------------------------
revno: 116642
revision-id: address@hidden
parent: address@hidden
committer: Dmitry Antipov <address@hidden>
branch nick: trunk
timestamp: Mon 2014-03-03 12:27:58 +0400
message:
  Avoid crashes when X fonts are erroneously freed on reused X
  'Display *' connection data (Bug#16069).  Note that X font
  resources still may be leaked, but currently there is no way
  to completely avoid it.
  * xterm.h (struct x_display_info): New member x_id.  Add comments.
  * xterm.c (x_display_id): New variable.
  (x_term_init): Assign identifier to each opened X connection.
  * xfont.c (struct xfont): New member x_display_id.
  (xfont_open): Initialize it with frame's display id.
  (xfont_close): Check whether font's display id matches the one
  recorded for the given display.  Adjust comment.
  * xftfont.c (struct xftfont_info):
  (xftfont_open, xftfont_close): Exactly as above with xfont stuff.
modified:
  src/ChangeLog                  changelog-20091113204419-o5vbwnq5f7feedwu-1438
  src/xfont.c                    xfont.c-20091113204419-o5vbwnq5f7feedwu-8547
  src/xftfont.c                  xftfont.c-20091113204419-o5vbwnq5f7feedwu-8548
  src/xterm.c                    xterm.c-20091113204419-o5vbwnq5f7feedwu-244
  src/xterm.h                    xterm.h-20091113204419-o5vbwnq5f7feedwu-228

=== modified file 'src/ChangeLog'
--- a/src/ChangeLog     2014-03-03 07:46:08 +0000
+++ b/src/ChangeLog     2014-03-03 08:27:58 +0000
@@ -6,6 +6,20 @@
        (Fframe_font_cache) [FONT_DEBUG]: New function.
        (syms_of_font) [FONT_DEBUG]: Defsubr it.
 
+       Avoid crashes when X fonts are erroneously freed on reused X
+       'Display *' connection data (Bug#16069).  Note that X font
+       resources still may be leaked, but currently there is no way
+       to completely avoid it.
+       * xterm.h (struct x_display_info): New member x_id.  Add comments.
+       * xterm.c (x_display_id): New variable.
+       (x_term_init): Assign identifier to each opened X connection.
+       * xfont.c (struct xfont): New member x_display_id.
+       (xfont_open): Initialize it with frame's display id.
+       (xfont_close): Check whether font's display id matches the one
+       recorded for the given display.  Adjust comment.
+       * xftfont.c (struct xftfont_info):
+       (xftfont_open, xftfont_close): Exactly as above with xfont stuff.
+
 2014-03-01  Martin Rudalics  <address@hidden>
 
        Consider Vother_window_scroll_buffer valid iff it's a live buffer.

=== modified file 'src/xfont.c'
--- a/src/xfont.c       2014-01-01 07:43:34 +0000
+++ b/src/xfont.c       2014-03-03 08:27:58 +0000
@@ -42,6 +42,7 @@
   struct font font;
   Display *display;
   XFontStruct *xfont;
+  unsigned x_display_id;
 };
 
 /* Prototypes of support functions.  */
@@ -808,6 +809,7 @@
   font = XFONT_OBJECT (font_object);
   ((struct xfont_info *) font)->xfont = xfont;
   ((struct xfont_info *) font)->display = FRAME_X_DISPLAY (f);
+  ((struct xfont_info *) font)->x_display_id = FRAME_DISPLAY_INFO (f)->x_id;
   font->pixel_size = pixel_size;
   font->driver = &xfont_driver;
   font->encoding_charset = encoding->id;
@@ -892,12 +894,20 @@
 static void
 xfont_close (struct font *font)
 {
+  struct x_display_info *xdi;
   struct xfont_info *xfi = (struct xfont_info *) font;
 
   /* This function may be called from GC when X connection is gone
      (Bug#16093), and an attempt to free font resources on invalid
-     display may lead to X protocol errors or segfaults.  */
-  if (xfi->xfont && x_display_info_for_display (xfi->display))
+     display may lead to X protocol errors or segfaults.  Moreover,
+     the memory referenced by 'Display *' pointer may be reused for
+     the logically different X connection after the previous display
+     connection was closed.  That's why we also check whether font's
+     ID matches the one recorded in x_display_info for this display.
+     See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16069.  */
+  if (xfi->xfont
+      && ((xdi = x_display_info_for_display (xfi->display))
+         && xfi->x_display_id == xdi->x_id))
     {
       block_input ();
       XFreeFont (xfi->display, xfi->xfont);

=== modified file 'src/xftfont.c'
--- a/src/xftfont.c     2014-01-06 06:25:30 +0000
+++ b/src/xftfont.c     2014-03-03 08:27:58 +0000
@@ -59,6 +59,7 @@
   FT_Matrix matrix;
   Display *display;
   XftFont *xftfont;
+  unsigned x_display_id;
 };
 
 /* Structure pointed by (struct face *)->extra  */
@@ -372,6 +373,7 @@
   xftfont_info = (struct xftfont_info *) font;
   xftfont_info->display = display;
   xftfont_info->xftfont = xftfont;
+  xftfont_info->x_display_id = FRAME_DISPLAY_INFO (f)->x_id;
   /* This means that there's no need of transformation.  */
   xftfont_info->matrix.xx = 0;
   if (FcPatternGetMatrix (xftfont->pattern, FC_MATRIX, 0, &matrix)
@@ -481,6 +483,7 @@
 static void
 xftfont_close (struct font *font)
 {
+  struct x_display_info *xdi;
   struct xftfont_info *xftfont_info = (struct xftfont_info *) font;
 
 #ifdef HAVE_LIBOTF
@@ -493,7 +496,8 @@
 
   /* See comment in xfont_close.  */
   if (xftfont_info->xftfont
-      && x_display_info_for_display (xftfont_info->display))
+      && ((xdi = x_display_info_for_display (xftfont_info->display))
+         && xftfont_info->x_display_id == xdi->x_id))
     {
       block_input ();
       XftUnlockFace (xftfont_info->xftfont);

=== modified file 'src/xterm.c'
--- a/src/xterm.c       2014-02-04 07:36:58 +0000
+++ b/src/xterm.c       2014-03-03 08:27:58 +0000
@@ -9679,6 +9679,10 @@
 }
 #endif
 
+/* Current X display connection identifier.  Incremented for each next
+   connection established.  */
+static unsigned x_display_id;
+
 /* Open a connection to X display DISPLAY_NAME, and return
    the structure that describes the open display.
    If we cannot contact the display, return null.  */
@@ -9896,6 +9900,7 @@
   lim = min (PTRDIFF_MAX, SIZE_MAX) - sizeof "@";
   if (lim - SBYTES (Vinvocation_name) < SBYTES (Vsystem_name))
     memory_full (SIZE_MAX);
+  dpyinfo->x_id = ++x_display_id;
   dpyinfo->x_id_name = xmalloc (SBYTES (Vinvocation_name)
                                + SBYTES (Vsystem_name) + 2);
   strcat (strcat (strcpy (dpyinfo->x_id_name, SSDATA (Vinvocation_name)), "@"),

=== modified file 'src/xterm.h'
--- a/src/xterm.h       2014-01-11 09:31:09 +0000
+++ b/src/xterm.h       2014-03-03 08:27:58 +0000
@@ -198,6 +198,10 @@
      mouse-face.  */
   Mouse_HLInfo mouse_highlight;
 
+  /* Logical identifier of this display.  */
+  unsigned x_id;
+
+  /* Default name for all frames on this display.  */
   char *x_id_name;
 
   /* The number of fonts opened for this display.  */

[Prev in Thread]

Current Thread

[Next in Thread]

[Emacs-diffs] trunk r116642: Avoid crashes when X fonts are erroneously freed on reused X, Dmitry Antipov <=

Prev by Date: [Emacs-diffs] trunk r116641: * font.c (toplevel): Adjust comment about font cache layout.
Next by Date: [Emacs-diffs] trunk r116643: Fix crashes in lisp_align_free in a build with GC_MCHECK.
Previous by thread: [Emacs-diffs] trunk r116641: * font.c (toplevel): Adjust comment about font cache layout.
Next by thread: [Emacs-diffs] trunk r116643: Fix crashes in lisp_align_free in a build with GC_MCHECK.
Index(es):
- Date
- Thread