[PATCH synaptics] Avoid out-of-bounds access by running num_active_touches < 0 (#49439)
Peter Hutterer
peter.hutterer at who-t.net
Thu May 10 19:30:48 PDT 2012
If a touch is active during driver init, the slot will be set to
SLOTSTATE_CLOSE when it finishes. That could decrease num_active_touches to
less than 0, causing out-of-bounds access.
X.Org Bug 49439 <http://bugs.freedesktop.org/show_bug.cgi?id=49439>
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
src/synaptics.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/synaptics.c b/src/synaptics.c
index e792977..d98ba71 100644
--- a/src/synaptics.c
+++ b/src/synaptics.c
@@ -2624,7 +2624,8 @@ UpdateTouchState(InputInfoPtr pInfo, struct SynapticsHwState *hw)
priv->open_slots[j] = priv->open_slots[j + 1];
}
- priv->num_active_touches--;
+ if (priv->num_active_touches > 0)
+ priv->num_active_touches--;
}
}
--
1.7.10.1
More information about the xorg-devel
mailing list