[PATCH] xfixes: don't dereference a NULL cursor

Tue Nov 29 15:11:14 PST 2011

If the new cursor is the NULL cursor, don't dereference it and use zeros
instead.

Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
Not sure when this broke given that most of this code hasn't changed in
ages. Reproducible segfault with
    xinput create-master "foo"
    xinput remove-master "foo pointer"
When the master pointer is removed, CursorDisplayCursor is called with the
NullCursor, causing a NULL-pointer dereference.

 xfixes/cursor.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/xfixes/cursor.c b/xfixes/cursor.c
index 2950e45..53f9f20 100644
--- a/xfixes/cursor.c
+++ b/xfixes/cursor.c
@@ -179,9 +179,9 @@ CursorDisplayCursor (DeviceIntPtr pDev,
 		ev.type = XFixesEventBase + XFixesCursorNotify;
 		ev.subtype = XFixesDisplayCursorNotify;
 		ev.window = e->pWindow->drawable.id;
-		ev.cursorSerial = pCursor->serialNumber;
+		ev.cursorSerial = pCursor ? pCursor->serialNumber : 0;
 		ev.timestamp = currentTime.milliseconds;
-		ev.name = pCursor->name;
+		ev.name = pCursor ? pCursor->name : None;
 		WriteEventsToClient (e->pClient, 1, (xEvent *) &ev);
 	    }
 	}
-- 
1.7.7.1

