dix: copy event in TouchConvertToPointerEvent correctly
Maarten Lankhorst
maarten.lankhorst at canonical.com
Mon Apr 15 07:53:48 PDT 2013
Fixes reading random memory read beyond the end of original event.
sizeof device_event: 424
sizeof internal_event: 2800
Signed-off-by: Maarten Lankhorst <maarten.lankhorst at canonical.com>
---
diff --git a/dix/touch.c b/dix/touch.c
index a191f14..1f7247b 100644
--- a/dix/touch.c
+++ b/dix/touch.c
@@ -634,14 +634,14 @@ TouchConvertToPointerEvent(const InternalEvent *event,
BUG_WARN_MSG(!(event->device_event.flags & TOUCH_POINTER_EMULATED),
"Non-emulating touch event\n");
- *motion_event = *event;
+ motion_event->device_event = event->device_event;
motion_event->any.type = ET_Motion;
motion_event->device_event.detail.button = 0;
motion_event->device_event.flags = XIPointerEmulated;
if (nevents > 1) {
BUG_RETURN_VAL(!button_event, 0);
- *button_event = *event;
+ button_event->device_event = event->device_event;
button_event->any.type = ptrtype;
button_event->device_event.flags = XIPointerEmulated;
/* detail is already correct */
More information about the xorg-devel
mailing list