xserver: Branch 'master'
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Mon May 20 18:27:17 UTC 2019
hw/xwayland/xwayland-input.c | 1 +
1 file changed, 1 insertion(+)
New commits:
commit 0a07446318f248b65fcbc8ab8a73ead51153f09e
Author: Olivier Fourdan <ofourdan at redhat.com>
Date: Thu May 9 10:36:19 2019 +0200
xwayland: Avoid a crash on pointer enter with a grab
On pointer enter notification, Xwayland checks for an existing pointer
warp with a `NULL` sprite.
In turn, `xwl_pointer_warp_emulator_maybe_lock()` checks for an existing
grab and the destination window using `XYToWindow()` which does not
check for the actual sprite not being `NULL`.
So, in some cases, when the pointer enters the surface and there is an
existing X11 grab which is not an ownerEvents grab, Xwayland would crash
trying to dereference the `NULL` sprite pointer:
#0 __GI_raise ()
#1 __GI_abort () at abort.c:79
#2 OsAbort () at utils.c:1351
#3 AbortServer () at log.c:879
#4 FatalError () at log.c:1017
#5 OsSigHandler () at osinit.c:156
#6 OsSigHandler () at osinit.c:110
#7 <signal handler called>
#8 XYToWindow (pSprite=0x0, x=0, y=0) at events.c:2880
#9 xwl_pointer_warp_emulator_maybe_lock () at xwayland-input.c:2673
#10 pointer_handle_enter () at xwayland-input.c:434
Avoid the crash by simply checking for the sprite being not `NULL` in
`xwl_pointer_warp_emulator_maybe_lock()`
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
Bugzilla: https://bugzilla.redhat.com/1708119
diff --git a/hw/xwayland/xwayland-input.c b/hw/xwayland/xwayland-input.c
index 15fc989bd..2c3482763 100644
--- a/hw/xwayland/xwayland-input.c
+++ b/hw/xwayland/xwayland-input.c
@@ -2661,6 +2661,7 @@ xwl_pointer_warp_emulator_maybe_lock(struct xwl_pointer_warp_emulator *warp_emul
*/
if (pointer_grab &&
!pointer_grab->ownerEvents &&
+ sprite &&
XYToWindow(sprite, x, y) != xwl_seat->focus_window->window)
return;
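Review bot: In the condition that gains `sprite &&`, a `NULL` sprite under a non-ownerEvents grab now makes the whole test false, so the function skips this `return;` and continues into whatever follows instead of bailing out. If the intent is that no lock should be attempted when the grab target cannot be determined, an explicit early return for the `NULL` sprite case before this `if` would say so more clearly. Either way, the comment that ends just above the condition should mention the `NULL` sprite case. The same expression also dereferences `xwl_seat->focus_window->window` with no visible check, so it is worth confirming that `focus_window` is always set on this path, since the backtrace in the commit message reaches here from `pointer_handle_enter()`.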