From ad2aca113daccb4d0e9299b7c37d61f2d9b1f930 Mon Sep 17 00:00:00 2001
From: Thomas Senyk <thomas.senyk@qt.io>
Date: Mon, 12 Dec 2022 15:03:00 +0100
Subject: eglfs-kms/gbm: fix segfault and add qScopeGuard

As framebufferForBufferObject has a code-path which returns a nullptr,
it's vital to check on that and return early in that case.

As this is the third segment in this function that does gbm_surface_release_buffer,
a qScopeGuard was introduced to reduce code duplication.
This also makes this function saver/easier to maintain long term.

The platform on which this segfault was reported is QEMU

Pick-to: 6.2 6.4 6.5
Change-Id: I5ee1ad4073712349b7475bce3a7978961fea2344
Reviewed-by: Laszlo Agocs <laszlo.agocs@qt.io>
---
 .../eglfs_kms/qeglfskmsgbmscreen.cpp                  | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

(limited to 'src/plugins/platforms/eglfs/deviceintegration')

diff --git a/src/plugins/platforms/eglfs/deviceintegration/eglfs_kms/qeglfskmsgbmscreen.cpp b/src/plugins/platforms/eglfs/deviceintegration/eglfs_kms/qeglfskmsgbmscreen.cpp
index 0f829ee00c..e6fd627823 100644
--- a/src/plugins/platforms/eglfs/deviceintegration/eglfs_kms/qeglfskmsgbmscreen.cpp
+++ b/src/plugins/platforms/eglfs/deviceintegration/eglfs_kms/qeglfskmsgbmscreen.cpp
@@ -352,7 +352,17 @@ void QEglFSKmsGbmScreen::flip()
         return;
     }
 
+    auto gbmRelease = qScopeGuard([this]{
+        m_flipPending = false;
+        gbm_surface_release_buffer(m_gbm_surface, m_gbm_bo_next);
+        m_gbm_bo_next = nullptr;
+    });
+
     FrameBuffer *fb = framebufferForBufferObject(m_gbm_bo_next);
+    if (!fb) {
+        qWarning("FrameBuffer not available. Cannot flip");
+        return;
+    }
     ensureModeSet(fb->fb);
 
     const QKmsOutput &thisOutput(output());
@@ -384,9 +394,6 @@ void QEglFSKmsGbmScreen::flip()
                                   this);
         if (ret) {
             qErrnoWarning("Could not queue DRM page flip on screen %s", qPrintable(name()));
-            m_flipPending = false;
-            gbm_surface_release_buffer(m_gbm_surface, m_gbm_bo_next);
-            m_gbm_bo_next = nullptr;
             return;
         }
     }
@@ -429,12 +436,12 @@ void QEglFSKmsGbmScreen::flip()
     if (device()->hasAtomicSupport()) {
 #if QT_CONFIG(drm_atomic)
         if (!device()->threadLocalAtomicCommit(this)) {
-            m_flipPending = false;
-            gbm_surface_release_buffer(m_gbm_surface, m_gbm_bo_next);
-            m_gbm_bo_next = nullptr;
+            return;
         }
 #endif
     }
+
+    gbmRelease.dismiss();
 }
 
 void QEglFSKmsGbmScreen::flipFinished()
-- 
cgit v1.2.3