[PATCH xserver-xorg-input-synaptics] Check touch record bounds before access
Chase Douglas
chase.douglas at canonical.com
Mon Apr 9 18:44:00 PDT 2012
On 04/09/2012 06:18 PM, Peter Hutterer wrote:
> On Mon, Apr 09, 2012 at 11:38:16AM -0700, Chase Douglas wrote:
>> We guess ten simultaneous touches if the device does not tell us. The
>> Linux drivers for the Apple multitouch trackpads do not tell the number
>> of simultaneous touches, but they can do more than ten. When this
>> occurs, the array index into the touch records will be invalid. We must
>> not process the touch or else we will segfault.
>>
>> Signed-off-by: Chase Douglas <chase.douglas at canonical.com>
>> ---
>> src/eventcomm.c | 3 +++
>> 1 files changed, 3 insertions(+), 0 deletions(-)
>>
>> diff --git a/src/eventcomm.c b/src/eventcomm.c
>> index 3ceb98c..9d1233c 100644
>> --- a/src/eventcomm.c
>> +++ b/src/eventcomm.c
>> @@ -564,6 +564,9 @@ EventProcessTouchEvent(InputInfoPtr pInfo, struct SynapticsHwState *hw,
>> {
>> int slot_index = last_mt_vals_slot(priv);
>>
>> + if (slot_index < 0)
>> + return;
>> +
>> if (hw->slot_state[slot_index] == SLOTSTATE_EMPTY ||
>> hw->slot_state[slot_index] == SLOTSTATE_OPEN_EMPTY)
>> hw->slot_state[slot_index] = SLOTSTATE_UPDATE;
>> --
>> 1.7.9.1
>
> 4c87455..3f9794a master -> master
>
> thanks.
> should we scheduling a work proc to resize this?
Yes, maybe after we find a use for more than 10 simultaneous touches on
a trackpad? :)
-- Chase
More information about the xorg-devel
mailing list