dix: copy event in TouchConvertToPointerEvent correctly
Peter Hutterer
peter.hutterer at who-t.net
Mon Apr 15 14:32:41 PDT 2013
On Mon, Apr 15, 2013 at 04:53:48PM +0200, Maarten Lankhorst wrote:
> Fixes reading random memory read beyond the end of original event.
>
> sizeof device_event: 424
> sizeof internal_event: 2800
>
> Signed-off-by: Maarten Lankhorst <maarten.lankhorst at canonical.com>
> ---
applied, thanks
Cheers,
Peter
> diff --git a/dix/touch.c b/dix/touch.c
> index a191f14..1f7247b 100644
> --- a/dix/touch.c
> +++ b/dix/touch.c
> @@ -634,14 +634,14 @@ TouchConvertToPointerEvent(const InternalEvent *event,
> BUG_WARN_MSG(!(event->device_event.flags & TOUCH_POINTER_EMULATED),
> "Non-emulating touch event\n");
>
> - *motion_event = *event;
> + motion_event->device_event = event->device_event;
> motion_event->any.type = ET_Motion;
> motion_event->device_event.detail.button = 0;
> motion_event->device_event.flags = XIPointerEmulated;
>
> if (nevents > 1) {
> BUG_RETURN_VAL(!button_event, 0);
> - *button_event = *event;
> + button_event->device_event = event->device_event;
> button_event->any.type = ptrtype;
> button_event->device_event.flags = XIPointerEmulated;
> /* detail is already correct */
>
More information about the xorg-devel
mailing list