[PATCH] dix: Fix crash in DeliverGrabbedEvents.

Peter Hutterer peter.hutterer at who-t.net
Wed Apr 14 00:43:22 PDT 2010


If both devices are synchronously grabbed, first with a GrabPointer, then
with a GrabKeyboard (GrabModeSync on both), sync.other of each device points
to the grab of the respective other device.

If the keyboard is then thawed through an AllowSome request, the VCK's
sync.other is reset to NULL. Subsequently, an event on the VCP would crash
the server when dereferencing sync.other on the VCP.

The check's purpose is to compare if the other device is grabbed by the same
client, which should be checked by accessing (dev->deviceGrab->grab->resource).
A check of the server-1.3 sources confirms that.

XTS test case: Xlib13 XAllowEvents 20.

Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
 dix/events.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/dix/events.c b/dix/events.c
index eaa2c57..6d0137d 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -3980,7 +3980,7 @@ DeliverGrabbedEvent(InternalEvent *event, DeviceIntPtr thisDev,
 		FreezeThaw(dev, TRUE);
 		if ((dev->deviceGrab.sync.state == FREEZE_BOTH_NEXT_EVENT) &&
 		    (CLIENT_BITS(grab->resource) ==
-		     CLIENT_BITS(dev->deviceGrab.sync.other->resource)))
+		     CLIENT_BITS(dev->deviceGrab.grab->resource)))
 		    dev->deviceGrab.sync.state = FROZEN_NO_EVENT;
 		else
                     dev->deviceGrab.sync.other = grab;
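Review bot: the replacement operand `CLIENT_BITS(dev->deviceGrab.grab->resource)` dereferences dev->deviceGrab.grab with no NULL check visible in this hunk, so the condition still depends on an unguarded pointer. The commit message explains how sync.other ends up NULL; please either add an explicit `dev->deviceGrab.grab &&` term to the condition or put a comment above it stating why a device in FREEZE_BOTH_NEXT_EVENT is guaranteed to have an active grab at this point. The else branch still stores into sync.other, so a one-line comment there noting that the field can later be reset to NULL by a thaw would keep future readers from dereferencing it unguarded again.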
-- 
1.6.6.1


