From bc28396c93d90f857984cbcf9e342b37ecbd85c4 Mon Sep 17 00:00:00 2001
From: Robin Watts
Date: Fri, 10 Mar 2023 11:18:17 +0000
Subject: Bug 706467: Fix null deref in display device. The display device can be initialised in a 'disabled' form when the callback is NULL. It seems we can get fill_rectangle called when in such a state, and we may not have initialised it, causing a SEGV. The fix is to initialise this to the usual display_fill_rectangle, function which will do nothing if callback is NULL, but won't crash. Thanks to Youngseok Choi for the report.
---
 devices/gdevdsp.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/devices/gdevdsp.c b/devices/gdevdsp.c
index 90e25a79a..7790dd0e8 100644
--- devices/gdevdsp.c
+++ b/devices/gdevdsp.c
@@ -207,7 +207,10 @@ display_open(gx_device * dev)
 /* Allow device to be opened "disabled" without a callback. */
 /* The callback will be set later and the device re-opened. */
 if (ddev->callback == NULL)
+ {
+ fill_dev_proc(ddev, fill_rectangle, display_fill_rectangle);
 return 0;
+ }
 ccode = install_internal_subclass_devices((gx_device **)&ddev, NULL);
 if (ccode < 0)
 return ccode;
--
cgit v1.2.1
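Review bot: The disabled-open branch in display_open installs a safe handler for fill_rectangle only, so any other device procedure that is normally assigned after this early return would presumably still be unset when the device is used with `callback == NULL`. It is worth checking whether the other drawing procs reachable in the disabled state need the same `fill_dev_proc(...)` treatment here, or recording why fill_rectangle is the only one affected. The safety of the fix also depends on display_fill_rectangle testing the callback before using it, which the hunk does not show; a comment at the call site would pin that, e.g. `/* Disabled device: display_fill_rectangle is a no-op while callback is NULL (Bug 706467). */`. display_open's body starts and continues outside the hunk.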