[PATCH] xfree86: properly handle ACPI events with less than 4 parameters #55329

[Evgeni Golov]

acpid 2.0.17 introduced two new video ACPI events:
 - video/tabletmode TBLT off
 - video/tabletmode TBLT on

Xorg segfaults when receiving these events as the current code in
lnxACPIGetEventFromOs() expects the event to be of the form
 "video/* <str> <ulong> <ulong>"
When receiving one of the new events, the last strtok() returns NULL
instead of a pointer to the next substring and strtoul() is called on
that nullpointer, resulting in a segfault.

This patch checks each return value of strtok() to be !NULL and
immediately returns 0 if a NULL occurs.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=55329
Signed-off-by: Evgeni Golov <evgeni at debian.org>
---
 hw/xfree86/os-support/linux/lnx_acpi.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hw/xfree86/os-support/linux/lnx_acpi.c b/hw/xfree86/os-support/linux/lnx_acpi.c
index d98efa2..5b82ca5 100644
--- a/hw/xfree86/os-support/linux/lnx_acpi.c
+++ b/hw/xfree86/os-support/linux/lnx_acpi.c
@@ -81,19 +81,27 @@ lnxACPIGetEventFromOs(int fd, pmEvent * events, int num)
         unsigned long int notify_l, data_l;
 
         video = strtok(ev, " ");
+        if (!video)
+            return 0;
 
         GFX = strtok(NULL, " ");
+        if (!GFX)
+            return 0;
 #if 0
         ErrorF("GFX: %s\n", GFX);
 #endif
 
         notify = strtok(NULL, " ");
+        if (!notify)
+            return 0;
         notify_l = strtoul(notify, NULL, 16);
 #if 0
         ErrorF("notify: 0x%lx\n", notify_l);
 #endif
 
         data = strtok(NULL, " ");
+        if (!data)
+            return 0;
         data_l = strtoul(data, NULL, 16);
 #if 0
         ErrorF("data: 0x%lx\n", data_l);
-- 
1.7.10.4