[PATCH] Sync TouchListener memory allocation with population in TouchSetupListeners()
carlosg at gnome.org
carlosg at gnome.org
Thu Oct 25 06:03:50 PDT 2012
From: Carlos Garnacho <carlosg at gnome.org>
The allocated TouchListener array may fall short by 1 if hitting the worst case
situation where there's an active grab, passive grabs on each window in the
sprite trace and event selection for touch in one of the windows. This may lead
to memory corruptions as the array is overflown.
Signed-off-by: Carlos Garnacho <carlosg at gnome.org>
---
dix/touch.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dix/touch.c b/dix/touch.c
index 497ad7d..9241fc1 100644
--- a/dix/touch.c
+++ b/dix/touch.c
@@ -572,8 +572,8 @@ TouchBuildSprite(DeviceIntPtr sourcedev, TouchPointInfoPtr ti,
return FALSE;
/* Mark which grabs/event selections we're delivering to: max one grab per
- * window plus the bottom-most event selection. */
- ti->listeners = calloc(sprite->spriteTraceGood + 1, sizeof(*ti->listeners));
+ * window plus the bottom-most event selection, plus any active grab. */
+ ti->listeners = calloc(sprite->spriteTraceGood + 2, sizeof(*ti->listeners));
if (!ti->listeners) {
sprite->spriteTraceGood = 0;
return FALSE;
--
1.7.11.7
More information about the xorg-devel
mailing list