xserver: Branch 'master'
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Sun Dec 19 20:04:26 UTC 2021
Xi/exevents.c | 4 ++--
dix/events.c | 53 +++++++++++++++++++++++++++--------------------------
include/dix.h | 2 +-
3 files changed, 30 insertions(+), 29 deletions(-)
New commits:
commit 5b8817a019845e1066c373022133985a0e2d718f
Author: Matthieu Herrb <matthieu at herrb.eu>
Date: Tue Nov 16 23:38:46 2021 +0100
Convert more funcs to use InternalEvent.
This fixes a crash when a DeviceEvent struct converted to
InteralEvent was beeing copied as InternalEvent (and thus
causing out of bounds reads) in ActivateGrabNoDelivery()
in events.c: 3876 *grabinfo->sync.event = *real_event;
Possible fix for https://gitlab.freedesktop.org/xorg/xserver/-/issues/1253
Signed-off-by: Matthieu Herrb <matthieu at herrb.eu>
diff --git a/Xi/exevents.c b/Xi/exevents.c
index 9d4886212..94b9983bd 100644
--- a/Xi/exevents.c
+++ b/Xi/exevents.c
@@ -1901,7 +1901,7 @@ ProcessDeviceEvent(InternalEvent *ev, DeviceIntPtr device)
* nested) to clients. */
if (event->source_type == EVENT_SOURCE_FOCUS)
return;
- if (!grab && CheckDeviceGrabs(device, event, 0))
+ if (!grab && CheckDeviceGrabs(device, ev, 0))
return;
break;
case ET_KeyRelease:
@@ -1914,7 +1914,7 @@ ProcessDeviceEvent(InternalEvent *ev, DeviceIntPtr device)
if (b->map[key] == 0) /* there's no button 0 */
return;
event->detail.button = b->map[key];
- if (!grab && CheckDeviceGrabs(device, event, 0)) {
+ if (!grab && CheckDeviceGrabs(device, ev, 0)) {
/* if a passive grab was activated, the event has been sent
* already */
return;
diff --git a/dix/events.c b/dix/events.c
index d29868ef0..341c746d4 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -1191,7 +1191,7 @@ EnqueueEvent(InternalEvent *ev, DeviceIntPtr device)
}
}
- eventlen = event->length;
+ eventlen = sizeof(InternalEvent);
qe = malloc(sizeof(QdEventRec) + eventlen);
if (!qe)
@@ -1319,7 +1319,7 @@ ComputeFreezes(void)
syncEvents.replayDev = (DeviceIntPtr) NULL;
- if (!CheckDeviceGrabs(replayDev, &event->device_event,
+ if (!CheckDeviceGrabs(replayDev, event,
syncEvents.replayWin)) {
if (IsTouchEvent(event)) {
TouchPointInfoPtr ti =
@@ -3027,7 +3027,7 @@ BOOL
ActivateFocusInGrab(DeviceIntPtr dev, WindowPtr old, WindowPtr win)
{
BOOL rc = FALSE;
- DeviceEvent event;
+ InternalEvent event;
if (dev->deviceGrab.grab) {
if (!dev->deviceGrab.fromPassiveGrab ||
@@ -3042,16 +3042,16 @@ ActivateFocusInGrab(DeviceIntPtr dev, WindowPtr old, WindowPtr win)
if (win == NoneWin || win == PointerRootWin)
return FALSE;
- event = (DeviceEvent) {
- .header = ET_Internal,
- .type = ET_FocusIn,
- .length = sizeof(DeviceEvent),
- .time = GetTimeInMillis(),
- .deviceid = dev->id,
- .sourceid = dev->id,
- .detail.button = 0
+ event = (InternalEvent) {
+ .device_event.header = ET_Internal,
+ .device_event.type = ET_FocusIn,
+ .device_event.length = sizeof(DeviceEvent),
+ .device_event.time = GetTimeInMillis(),
+ .device_event.deviceid = dev->id,
+ .device_event.sourceid = dev->id,
+ .device_event.detail.button = 0
};
- rc = (CheckPassiveGrabsOnWindow(win, dev, (InternalEvent *) &event, FALSE,
+ rc = (CheckPassiveGrabsOnWindow(win, dev, &event, FALSE,
TRUE) != NULL);
if (rc)
DoEnterLeaveEvents(dev, dev->id, old, win, XINotifyPassiveGrab);
@@ -3068,7 +3068,7 @@ static BOOL
ActivateEnterGrab(DeviceIntPtr dev, WindowPtr old, WindowPtr win)
{
BOOL rc = FALSE;
- DeviceEvent event;
+ InternalEvent event;
if (dev->deviceGrab.grab) {
if (!dev->deviceGrab.fromPassiveGrab ||
@@ -3080,16 +3080,16 @@ ActivateEnterGrab(DeviceIntPtr dev, WindowPtr old, WindowPtr win)
(*dev->deviceGrab.DeactivateGrab) (dev);
}
- event = (DeviceEvent) {
- .header = ET_Internal,
- .type = ET_Enter,
- .length = sizeof(DeviceEvent),
- .time = GetTimeInMillis(),
- .deviceid = dev->id,
- .sourceid = dev->id,
- .detail.button = 0
+ event = (InternalEvent) {
+ .device_event.header = ET_Internal,
+ .device_event.type = ET_Enter,
+ .device_event.length = sizeof(DeviceEvent),
+ .device_event.time = GetTimeInMillis(),
+ .device_event.deviceid = dev->id,
+ .device_event.sourceid = dev->id,
+ .device_event.detail.button = 0
};
- rc = (CheckPassiveGrabsOnWindow(win, dev, (InternalEvent *) &event, FALSE,
+ rc = (CheckPassiveGrabsOnWindow(win, dev, &event, FALSE,
TRUE) != NULL);
if (rc)
DoEnterLeaveEvents(dev, dev->id, old, win, XINotifyPassiveGrab);
@@ -4141,14 +4141,15 @@ CheckPassiveGrabsOnWindow(WindowPtr pWin,
*/
Bool
-CheckDeviceGrabs(DeviceIntPtr device, DeviceEvent *event, WindowPtr ancestor)
+CheckDeviceGrabs(DeviceIntPtr device, InternalEvent *ievent, WindowPtr ancestor)
{
int i;
WindowPtr pWin = NULL;
FocusClassPtr focus =
- IsPointerEvent((InternalEvent *) event) ? NULL : device->focus;
+ IsPointerEvent(ievent) ? NULL : device->focus;
BOOL sendCore = (IsMaster(device) && device->coreEvents);
Bool ret = FALSE;
+ DeviceEvent *event = &ievent->device_event;
if (event->type != ET_ButtonPress && event->type != ET_KeyPress)
return FALSE;
@@ -4171,7 +4172,7 @@ CheckDeviceGrabs(DeviceIntPtr device, DeviceEvent *event, WindowPtr ancestor)
if (focus) {
for (; i < focus->traceGood; i++) {
pWin = focus->trace[i];
- if (CheckPassiveGrabsOnWindow(pWin, device, (InternalEvent *) event,
+ if (CheckPassiveGrabsOnWindow(pWin, device, ievent,
sendCore, TRUE)) {
ret = TRUE;
goto out;
@@ -4186,7 +4187,7 @@ CheckDeviceGrabs(DeviceIntPtr device, DeviceEvent *event, WindowPtr ancestor)
for (; i < device->spriteInfo->sprite->spriteTraceGood; i++) {
pWin = device->spriteInfo->sprite->spriteTrace[i];
- if (CheckPassiveGrabsOnWindow(pWin, device, (InternalEvent *) event,
+ if (CheckPassiveGrabsOnWindow(pWin, device, ievent,
sendCore, TRUE)) {
ret = TRUE;
goto out;
diff --git a/include/dix.h b/include/dix.h
index 22daa510f..0dcd09b65 100644
--- a/include/dix.h
+++ b/include/dix.h
@@ -458,7 +458,7 @@ WindowHasNewCursor(WindowPtr /* pWin */ );
extern Bool
CheckDeviceGrabs(DeviceIntPtr /* device */ ,
- DeviceEvent * /* event */ ,
+ InternalEvent * /* event */ ,
WindowPtr /* ancestor */ );
extern void
More information about the xorg-commit
mailing list