[PATCH] dix: check for NULL pointer before dereferences it in DeviceEnterLeaveEvent
Peter Hutterer
peter.hutterer at who-t.net
Sun Apr 18 16:37:18 PDT 2010
On Fri, Apr 16, 2010 at 06:42:23PM +0300, Tiago Vignatti wrote:
> Both mouse and mouse->button are already used before their checks were being
> performed. So check at the beginning.
>
> Signed-off-by: Tiago Vignatti <tiago.vignatti at nokia.com>
> ---
> dix/events.c | 8 ++++++--
> 1 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/dix/events.c b/dix/events.c
> index 6541652..f949b07 100644
> --- a/dix/events.c
> +++ b/dix/events.c
> @@ -4350,7 +4350,7 @@ DeviceEnterLeaveEvent(
> WindowPtr pWin,
> Window child)
> {
> - GrabPtr grab = mouse->deviceGrab.grab;
> + GrabPtr grab;
> xXIEnterEvent *event;
> int filter;
> int btlen, len, i;
> @@ -4360,6 +4360,10 @@ DeviceEnterLeaveEvent(
> (mode == XINotifyPassiveUngrab && type == XI_Enter))
> return;
>
> + if (!mouse || !mouse->button)
> + return;

You're changing behaviour here. A device that doesn't have buttons will
simply have a zero mask set but can still send enter/leave events. That
check should only be if (!mouse).

Also, if you submit patches like this where you check for !mouse->button at
the beginning of the function, please remove all the now superfluous checks
in the same function to make the patch useful.

Cheers,
Peter

> + grab = mouse->deviceGrab.grab;
> +
> btlen = (mouse->button) ? bits_to_bytes(mouse->button->numButtons) : 0;
> btlen = bytes_to_int32(btlen);
> len = sizeof(xXIEnterEvent) + btlen * 4;
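
Review bot: The `!mouse->button` half of the new early return conflicts with the context line directly below it, `btlen = (mouse->button) ? bits_to_bytes(mouse->button->numButtons) : 0;`, which handles a device without buttons by giving it a zero-length mask rather than skipping the event. Either reduce the test to `if (!mouse) return;`, or, if returning for buttonless devices is really intended, remove the now-dead ternary in the same patch and state the behaviour change in the commit message.
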
> @@ -4378,7 +4382,7 @@ DeviceEnterLeaveEvent(
> event->root_x = FP1616(mouse->spriteInfo->sprite->hot.x, 0);
> event->root_y = FP1616(mouse->spriteInfo->sprite->hot.y, 0);
>
> - for (i = 0; mouse && mouse->button && i < mouse->button->numButtons; i++)
> + for (i = 0; i < mouse->button->numButtons; i++)
> if (BitIsOn(mouse->button->down, i))
> SetBit(&event[1], i);
>
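
Review bot: The new loop condition `i < mouse->button->numButtons` dereferences mouse->button unconditionally, so it is only safe as long as the early return in the previous hunk keeps its `!mouse->button` test. If that return is narrowed to `if (!mouse)`, keep `mouse->button &&` in the loop condition here. Dropping the `mouse &&` part is fine by itself: the two context lines above the loop already dereference mouse->spriteInfo->sprite, so that test came too late to protect anything.
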
> --
> 1.6.0.4