[PATCH] Xi: check for NULL pointer before dereferences it in DeviceFocusEvent

[Peter Hutterer]

On Fri, Apr 16, 2010 at 06:42:22PM +0300, Tiago Vignatti wrote:
> Both mouse and mouse->button are already used before their checking were being
> performed. So check on the beginning.
> 
> Signed-off-by: Tiago Vignatti <tiago.vignatti at nokia.com>
> ---
>  Xi/exevents.c |    4 +++-
>  1 files changed, 3 insertions(+), 1 deletions(-)
> 
> diff --git a/Xi/exevents.c b/Xi/exevents.c
> index e680f6f..7a1f6cf 100644
> --- a/Xi/exevents.c
> +++ b/Xi/exevents.c
> @@ -1241,6 +1241,8 @@ DeviceFocusEvent(DeviceIntPtr dev, int type, int mode, int detail,
>      int btlen, len, i;
>  
>      mouse = (IsMaster(dev) || dev->u.master) ? GetMaster(dev, MASTER_POINTER) : dev;
> +    if (!mouse || !mouse->button)
> +	FatalError("no device mouse found");

If you compare the other checks in this function (see also the hunk below)
you'll notice that if a device does not have a button field, everything is
just zeroed out. the !mouse can't really happen.

applying this patch will FatalError the server whenever a floating keyboard
device needs to send focus events. there may be a fix to shut up coverity,
but this one isn't it :)

Cheers,
  Peter

>  
>      /* XI 2 event */
>      btlen = (mouse->button) ? bits_to_bytes(mouse->button->numButtons) : 0;
> @@ -1261,7 +1263,7 @@ DeviceFocusEvent(DeviceIntPtr dev, int type, int mode, int detail,
>      xi2event->root_x       = FP1616(mouse->spriteInfo->sprite->hot.x, 0);
>      xi2event->root_y       = FP1616(mouse->spriteInfo->sprite->hot.y, 0);
>  
> -    for (i = 0; mouse && mouse->button && i < mouse->button->numButtons; i++)
> +    for (i = 0; i < mouse->button->numButtons; i++)
>          if (BitIsOn(mouse->button->down, i))
>              SetBit(&xi2event[1], i);
>  
> -- 
> 1.6.0.4