FixesSelectSelectionInput
Po Lu
luangruo at yahoo.com
Sun Jun 30 07:30:08 UTC 2024
A recent "security fix" in ProcXFixesSelectSelectionInput hamstrings
this request in the event that no ownership has yet been asserted over
the selection.
The proximate cause is thus: dixLookupSelection returns error
indications when no selection data exists, which case is identified by
&selection remaining unaltered, but is erroneously interpreted as an
access control denial, with the important consequence that gnome-shell
crashes on startup having received a BadMatch.
I don't believe it's possible to control access to still-nonexistent
selections through XACE.
diff --git a/xfixes/select.c b/xfixes/select.c
index 660eed210..11ddc4939 100644
--- a/xfixes/select.c
+++ b/xfixes/select.c
@@ -128,7 +128,9 @@ XFixesSelectSelectionInput(ClientPtr pClient,
Selection *selection;
rc = dixLookupSelection(&selection, selection_name, pClient, DixGetAttrAccess);
- if (rc != Success)
+ if (rc != Success
+ /* Selection exists, but access control handlers were triggered. */
+ && selection)
return rc;
for (prev = &selectionEvents; (e = *prev); prev = &e->next) {
More information about the xorg-devel
mailing list