[PATCH] Sync TouchListener memory allocation with population in TouchSetupListeners()
Peter Hutterer
peter.hutterer at who-t.net
Thu Oct 25 22:43:28 PDT 2012
On Thu, Oct 25, 2012 at 03:03:50PM +0200, carlosg at gnome.org wrote:
> From: Carlos Garnacho <carlosg at gnome.org>
>
> The allocated TouchListener array may fall short by 1 if hitting the worst case
> situation where there's an active grab, passive grabs on each window in the
> sprite trace and event selection for touch in one of the windows. This may lead
> to memory corruptions as the array is overflown.
>
> Signed-off-by: Carlos Garnacho <carlosg at gnome.org>
> ---
> dix/touch.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/dix/touch.c b/dix/touch.c
> index 497ad7d..9241fc1 100644
> --- a/dix/touch.c
> +++ b/dix/touch.c
> @@ -572,8 +572,8 @@ TouchBuildSprite(DeviceIntPtr sourcedev, TouchPointInfoPtr ti,
> return FALSE;
>
> /* Mark which grabs/event selections we're delivering to: max one grab per
> - * window plus the bottom-most event selection. */
> - ti->listeners = calloc(sprite->spriteTraceGood + 1, sizeof(*ti->listeners));
> + * window plus the bottom-most event selection, plus any active grab. */
> + ti->listeners = calloc(sprite->spriteTraceGood + 2, sizeof(*ti->listeners));
> if (!ti->listeners) {
> sprite->spriteTraceGood = 0;
> return FALSE;
> --
> 1.7.11.7
oops, thanks. merged
Cheers,
Peter
More information about the xorg-devel
mailing list