From e6e01954a9f1789705a8309fc67785d3a8d015bb Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Jul 04 2016 12:10:22 +0000
Subject: Fix segfault in Xwayland due to cursor update after unrealize


---

diff --git a/0001-wayland-clear-resource-for-pixmap-on-unrealize.patch b/0001-wayland-clear-resource-for-pixmap-on-unrealize.patch
new file mode 100644
index 0000000..266dcdc
--- /dev/null
+++ b/0001-wayland-clear-resource-for-pixmap-on-unrealize.patch
@@ -0,0 +1,54 @@
+From edd24aa50b17849b904a3ac5429e333bac9bac9c Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 6 Jun 2016 09:22:28 +0200
+Subject: [PATCH xserver] wayland: clear resource for pixmap on unrealize
+
+On cursor unrealize, the associated pixmap is destroyed, make sure we
+clear the pointer from the private resource and check for the value
+being non-null when setting or destroying the cursor.
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96246
+---
+ hw/xwayland/xwayland-cursor.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/hw/xwayland/xwayland-cursor.c b/hw/xwayland/xwayland-cursor.c
+index 76729db..74dfe4e 100644
+--- a/hw/xwayland/xwayland-cursor.c
++++ b/hw/xwayland/xwayland-cursor.c
+@@ -76,8 +76,20 @@ static Bool
+ xwl_unrealize_cursor(DeviceIntPtr device, ScreenPtr screen, CursorPtr cursor)
+ {
+     PixmapPtr pixmap;
++    struct xwl_seat *xwl_seat;
+ 
+     pixmap = dixGetPrivate(&cursor->devPrivates, &xwl_cursor_private_key);
++    if (!pixmap)
++        return TRUE;
++
++    dixSetPrivate(&cursor->devPrivates, &xwl_cursor_private_key, NULL);
++
++    /* When called from FreeCursor(), device is always NULL */
++    if (device) {
++        xwl_seat = device->public.devicePrivate;
++        if (xwl_seat && cursor == xwl_seat->x_cursor)
++            xwl_seat->x_cursor = NULL;
++    }
+ 
+     return xwl_shm_destroy_pixmap(pixmap);
+ }
+@@ -122,6 +134,9 @@ xwl_seat_set_cursor(struct xwl_seat *xwl_seat)
+ 
+     cursor = xwl_seat->x_cursor;
+     pixmap = dixGetPrivate(&cursor->devPrivates, &xwl_cursor_private_key);
++    if (!pixmap)
++        return;
++
+     stride = cursor->bits->width * 4;
+     if (cursor->bits->argb)
+         memcpy(pixmap->devPrivate.ptr,
+-- 
+2.7.4
+
diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec
index 793ae50..857ae12 100644
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@@ -45,7 +45,7 @@
 Summary:   X.Org X11 X server
 Name:      xorg-x11-server
 Version:   1.18.3
-Release:   7%{?gitdate:.%{gitdate}}%{dist}
+Release:   8%{?gitdate:.%{gitdate}}%{dist}
 URL:       http://www.x.org
 License:   MIT
 Group:     User Interface/X
@@ -113,6 +113,9 @@ Patch10003: 0002-present-Fix-presentation-of-flips-out-of-order.patch
 Patch10004: 0001-xkb-after-changing-the-keymap-force-an-indicator-upd.patch
 Patch10005: 0001-xkb-add-a-cause-to-the-xkb-indicator-update-after-a-.patch
 
+# Bug 1338979 - Xwayland: Segmentation fault in cursor update after unrealize
+Patch10006: 0001-wayland-clear-resource-for-pixmap-on-unrealize.patch
+
 %global moduledir	%{_libdir}/xorg/modules
 %global drimoduledir	%{_libdir}/dri
 %global sdkdir		%{_includedir}/xorg
@@ -650,6 +653,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 
 
 %changelog
+* Mon Jul 04 2016 Olivier Fourdan <ofourdan@redhat.com> 1.18.3-8
+- Fix segfault in Xwayland due to cursor update after unrealize (#1338979)
+
 * Tue Jun 28 2016 Peter Hutterer <peter.hutterer@redhat.com> 1.18.3-7
 - Fix segfault caused by forced indicator update (#1335439)