[PATCH xserver-xorg-input-synaptics] Check touch record bounds before access
Peter Hutterer
peter.hutterer at who-t.net
Mon Apr 9 18:48:15 PDT 2012
On Mon, Apr 09, 2012 at 06:44:00PM -0700, Chase Douglas wrote:
> On 04/09/2012 06:18 PM, Peter Hutterer wrote:
> > On Mon, Apr 09, 2012 at 11:38:16AM -0700, Chase Douglas wrote:
> >> We guess ten simultaneous touches if the device does not tell us. The
> >> Linux drivers for the Apple multitouch trackpads do not tell the number
> >> of simultaneous touches, but they can do more than ten. When this
> >> occurs, the array index into the touch records will be invalid. We must
> >> not process the touch or else we will segfault.
> >>
> >> Signed-off-by: Chase Douglas <chase.douglas at canonical.com>
> >> ---
> >> src/eventcomm.c | 3 +++
> >> 1 files changed, 3 insertions(+), 0 deletions(-)
> >>
> >> diff --git a/src/eventcomm.c b/src/eventcomm.c
> >> index 3ceb98c..9d1233c 100644
> >> --- a/src/eventcomm.c
> >> +++ b/src/eventcomm.c
> >> @@ -564,6 +564,9 @@ EventProcessTouchEvent(InputInfoPtr pInfo, struct SynapticsHwState *hw,
> >> {
> >> int slot_index = last_mt_vals_slot(priv);
> >>
> >> + if (slot_index < 0)
> >> + return;
> >> +
> >> if (hw->slot_state[slot_index] == SLOTSTATE_EMPTY ||
> >> hw->slot_state[slot_index] == SLOTSTATE_OPEN_EMPTY)
> >> hw->slot_state[slot_index] = SLOTSTATE_UPDATE;
> >> --
> >> 1.7.9.1
> >
> > 4c87455..3f9794a master -> master
> >
> > thanks.
> > should we scheduling a work proc to resize this?
>
> Yes, maybe after we find a use for more than 10 simultaneous touches on
> a trackpad? :)
I'll get onto it :)
More information about the xorg-devel
mailing list