[PATCH] Xi: don't copy a DeviceEvent into an InternalEvent
peter.hutterer at who-t.net
Wed Apr 30 22:34:47 PDT 2014
On Wed, Apr 30, 2014 at 10:09:09AM -0700, Keith Packard wrote:
> Peter Hutterer <peter.hutterer at who-t.net> writes:
> > ==26141== Invalid read of size 8
> > ==26141== at 0x58FAEA: DeliverEmulatedMotionEvent (exevents.c:1484)
> > An InternalEvent is bigger than a DeviceEvent, thus copying one to the other
> > reads past the allocated boundary. Shouldn't have any real effect since we
> > shouldn't access anything past the DeviceEvent boundary if the event type is
> > correct.
> How does a DeviceEvent end up getting passed to this function? Is there
> a cast up the stack somewhere? If DeliverEmulatedMotionEvent actually
> takes a DeviceEvent cast to an InternalEvent, perhaps the problem is
> with the signature of DeliverEmulatedMotionEvent?
DeviceEvents are InternalEvents. That's how they're passed around, mostly
ProcessOtherEvent() -> ProcessTouchEvent() -> DeliverEmulatedMotionEvent()
In ProcessTouchEvent we already know it's a touch event, so we could now
pass the DeviceEvent around. But since the touch and pointer paths cross
over and the latter mostly take InternalEvents it's a bit of work to get
this done properly. So I'm going to punt this to some time when I have time.
And I feel more comfortable going
DeviceEvent *d = &internal_event->device_event;
than up-casting a DeviceEvent to an InternalEvent. The former at least
provides _some_ type safety.
More information about the xorg-devel