xserver: Branch 'master'
Adam Jackson
ajax at kemper.freedesktop.org
Wed Dec 6 17:00:40 UTC 2017
dix/devices.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
New commits:
commit 9f7a9be13d6449c00c86d3035374f4f543654b3f
Author: Olivier Fourdan <ofourdan at redhat.com>
Date: Tue Dec 5 09:59:06 2017 +0100
dix: avoid deferencing NULL PtrCtrl
PtrCtrl really makes sense for relative pointing device only, absolute
devices such as touch devices do not have any PtrCtrl set.
In some cases, if the client issues a XGetPointerControl() immediatlely
after a ChangeMasterDeviceClasses() copied the touch device to the VCP,
a NULL pointer dereference will occur leading to a crash of Xwayland.
Check whether the PtrCtrl is not NULL in ProcGetPointerControl() and
return the default control values otherwise, to avoid the NULL pointer
dereference.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519533
Reviewed-by: Adam Jackson <ajax at redhat.com>
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
diff --git a/dix/devices.c b/dix/devices.c
index ea3c6c8a9..4a628afb0 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -2329,10 +2329,15 @@ int
ProcGetPointerControl(ClientPtr client)
{
DeviceIntPtr ptr = PickPointer(client);
- PtrCtrl *ctrl = &ptr->ptrfeed->ctrl;
+ PtrCtrl *ctrl;
xGetPointerControlReply rep;
int rc;
+ if (ptr->ptrfeed)
+ ctrl = &ptr->ptrfeed->ctrl;
+ else
+ ctrl = &defaultPointerControl;
+
REQUEST_SIZE_MATCH(xReq);
rc = XaceHook(XACE_DEVICE_ACCESS, client, ptr, DixGetAttrAccess);
More information about the xorg-commit
mailing list