[PATCH] Remove the SendEvent bit (0x80) before doing range checks on event type.

[Sam Spilsbury]

Some extension libraries may set this bit before converting the event to
wire protocol and as such range checking the event will cause an invalid
BadValue error to result. As the documentation suggests the the bit
should be "forced on", remove it before doing range checks and continue
to force it on in the server.
---
 dix/events.c |   14 +++++++++++++-
 1 files changed, 13 insertions(+), 1 deletions(-)

diff --git a/dix/events.c b/dix/events.c
index 8a4c6b9..9e58edb 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -5224,6 +5224,8 @@ CloseDownEvents(void)
     InputEventList = NULL;
 }
 
+#define SEND_EVENT_BIT 0x80
+
 /**
  * Server-side protocol handling for SendEvent request.
  *
@@ -5241,6 +5243,16 @@ ProcSendEvent(ClientPtr client)
 
     REQUEST_SIZE_MATCH(xSendEventReq);
 
+    /* libXext and other extension libraries may set the bit indicating
+     * that this event came from a SendEvent request so remove it
+     * since otherwise the event type may fail the range checks
+     * and cause an invalid BadValue error to be returned.
+     *
+     * This is safe to do since we later add the SendEvent bit (0x80)
+     * back in once we send the event to the client */
+
+    stuff->event.u.u.type &= ~(SEND_EVENT_BIT);
+
     /* The client's event type must be a core event type or one defined by an
 	extension. */
 
@@ -5298,7 +5310,7 @@ ProcSendEvent(ClientPtr client)
 	client->errorValue = stuff->propagate;
 	return BadValue;
     }
-    stuff->event.u.u.type |= 0x80;
+    stuff->event.u.u.type |= SEND_EVENT_BIT;
     if (stuff->propagate)
     {
 	for (;pWin; pWin = pWin->parent)
-- 
1.7.5.4


--=-sVzsr7Ls40ifzl8a+wcE--