[PATCH] dix: Fix loop termination
Pauli
ext-pauli.nieminen at nokia.com
Thu Jan 20 09:01:46 PST 2011
From: Pauli Nieminen <ext-pauli.nieminen at nokia.com>
Handler pointer is set to NULL when it was deleted while inside handler
calls. Too bad deletion loop tried to find first not NULL pointer which
incorrectly removed wrong handlers from the list.
That resulted to NULL pointer call when sending syntetic mouse events
with delay.
8 0x00000000 in ?? ()
9 0x00025d7c in WakeupHandler (result=0, pReadmask=0x1c4d48)
at ../../dix/dixutils.c:435
10 0x0005c9bc in WaitForSomething (pClientsReady=<value optimized out>)
Fixes: NB# 220574 - xorg crash with xtst
Signed-off-by: Pauli Nieminen <ext-pauli.nieminen at nokia.com>
---
dix/dixutils.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/dix/dixutils.c b/dix/dixutils.c
index 7db31ff..2b90d58 100644
--- a/dix/dixutils.c
+++ b/dix/dixutils.c
@@ -405,16 +405,16 @@ BlockHandler(pointer pTimeout, pointer pReadmask)
block.handlers[block.index].blockData, pTimeout, pReadmask);
if (block.deleted)
{
- for (i = 0; !block.handlers[i].BlockHandler; i++) {
+ for (i = 0; block.handlers[i].BlockHandler; i++) {
}
for (j = i + 1; j < block.num; j++) {
- if (block.handlers[j].BlockHandler)
+ if (!block.handlers[j].BlockHandler)
continue;
block.handlers[i] = block.handlers[j];
i++;
}
- block.num = i + 1;
+ block.num = i;
block.deleted = FALSE;
}
--block.inHandler;
@@ -440,16 +440,16 @@ WakeupHandler(int result, pointer pReadmask)
result, pReadmask);
if (wakeup.deleted)
{
- for (i = 0; !wakeup.handlers[i].WakeupHandler; i++) {
+ for (i = 0; wakeup.handlers[i].WakeupHandler; i++) {
}
for (j = i + 1; j < wakeup.num; j++) {
- if (wakeup.handlers[j].WakeupHandler)
+ if (!wakeup.handlers[j].WakeupHandler)
continue;
wakeup.handlers[i] = wakeup.handlers[j];
i++;
}
- wakeup.num = i + 1;
+ wakeup.num = i;
wakeup.deleted = FALSE;
}
--wakeup.inHandler;
--
1.7.0.4
More information about the xorg-devel
mailing list