[XProto] Fix GPU process crash when Xlib is not implicitly loaded

The old code used dlsym(RTLD_DEFAULT), which will attempt to obtain the symbol from libraries already loaded. This works most of the time because Xlib gets loaded by eg. GTK, but in cases where Xlib is not already loaded (eg. certain ChromeOS setups), XFree will not be found, leading to a crash. The fix is to switch to the existing xlib_support which internally does dlopen("libX11.so.6") so it shouldn't have this issue. R=sky Bug: 1150918 Change-Id: I82d28cf86e187cc1213b607482f7bd1f4a8e2287 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2552209 Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> Commit-Queue: Scott Violet <sky@chromium.org> Auto-Submit: Thomas Anderson <thomasanderson@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Cr-Commit-Position: refs/heads/master@{#829901}

[XProto] Fix GPU process crash when Xlib is not implicitly loaded
The old code used dlsym(RTLD_DEFAULT), which will attempt to obtain the symbol from libraries already loaded. This works most of the time because Xlib gets loaded by eg. GTK, but in cases where Xlib is not already loaded (eg. certain ChromeOS setups), XFree will not be found, leading to a crash. The fix is to switch to the existing xlib_support which internally does dlopen("libX11.so.6") so it shouldn't have this issue. R=sky Bug: 1150918 Change-Id: I82d28cf86e187cc1213b607482f7bd1f4a8e2287 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2552209 Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> Commit-Queue: Scott Violet <sky@chromium.org> Auto-Submit: Thomas Anderson <thomasanderson@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Cr-Commit-Position: refs/heads/master@{#829901}
edec9c14 · Tom Anderson · Commit Bot · f9b60b64 · edec9c14 · edec9c14
Commit edec9c14 authored Nov 21, 2020 by Tom Anderson Committed by Commit Bot Nov 21, 2020
5 changed files
--- a/ui/gfx/x/BUILD.gn
+++ b/ui/gfx/x/BUILD.gn
@@ -34,6 +34,7 @@ generate_library_loader("xlib_loader") {
    "XFlush",
    "XSynchronize",
    "XSetErrorHandler",
+    "XFree",
  ]
 }

--- a/ui/gfx/x/xlib.h
+++ b/ui/gfx/x/xlib.h
@@ -12,6 +12,7 @@ int XCloseDisplay(struct _XDisplay*);
 int XFlush(struct _XDisplay*);
 int XSynchronize(struct _XDisplay*, int);
 int XSetErrorHandler(int (*)(void*, void*));
+void XFree(void*);
 }
 #endif  // UI_GFX_X_XLIB_H_
--- a/ui/gfx/x/xlib_support.cc
+++ b/ui/gfx/x/xlib_support.cc
@@ -49,6 +49,11 @@ void SetXlibErrorHandler() {
  GetXlibLoader()->XSetErrorHandler(XlibErrorHandler);
 }
+DISABLE_CFI_ICALL
+void XlibFree(void* data) {
+  GetXlibLoader()->XFree(data);
+}
 DISABLE_CFI_ICALL
 XlibDisplay::XlibDisplay(const std::string& address) {
  InitXlib();

--- a/ui/gfx/x/xlib_support.h
+++ b/ui/gfx/x/xlib_support.h
@@ -32,6 +32,9 @@ COMPONENT_EXPORT(X11) void InitXlib();
 // Sets an async error handler which only logs an error message.
 COMPONENT_EXPORT(X11) void SetXlibErrorHandler();
+// Wraps XFree().
+COMPONENT_EXPORT(X11) void XlibFree(void* data);
 // A scoped Xlib display.
 class COMPONENT_EXPORT(X11) XlibDisplay {
 public:

--- a/ui/gl/glx_util.cc
+++ b/ui/gl/glx_util.cc
@@ -62,13 +62,6 @@ x11::Glx::FbConfig GetConfigForWindow(x11::Connection* conn,
  return {};
 }
-NO_SANITIZE("cfi-icall")
-void XlibFree(void* data) {
-  using xfree_type = void (*)(void*);
-  auto* xfree = reinterpret_cast<xfree_type>(dlsym(RTLD_DEFAULT, "XFree"));
-  xfree(data);
-}
 }  // namespace
 GLXFBConfig GetFbConfigForWindow(x11::Connection* connection,
@@ -89,7 +82,7 @@ GLXFBConfig GetGlxFbConfigForXProtoFbConfig(x11::Connection* connection,
  DCHECK_EQ(nitems, 1);
  DCHECK(glx_configs);
  GLXFBConfig glx_config = glx_configs[0];
-  XlibFree(glx_configs);
+  x11::XlibFree(glx_configs);
  return glx_config;
 }