With the following sequence of events, the cursor FB fields could end up being all set to NULL while the cursor is enabled: 1. set_cursor is called, conn->cursor_pending_fb is set to a FB pointer. 2. The output is committed with a buffer. crtc->cursor->queued_fb is set to the FB pointer, conn->cursor_pending_fb is reset to NULL. A page-flip event is expected in the future. 3. The output is committed with a modeset before the page-flip event is triggered. crtc->cursor->queued_fb is reset to NULL. At this point all of crtc->cursor->current_fb, crtc->cursor->queued_fb and conn->cursor_pending_fb are NULL which is a bogus state when the cursor plane is enabled. To avoid this issue, avoid overwriting crtc->cursor->queued_fb with a NULL pointer on commit. The cursor logic still isn't great, but let's keep a rework of that for a separate patch. Closes: https://gitlab.freedesktop.org/wlroots/wlroots/-/issues/3734master
parent
e3ab52af7b
commit
f5889319f7
Loading…
Reference in new issue