xinput test crashes server when touchpad clicked

Magnus Kessler Magnus.Kessler at gmx.net
Thu Nov 27 03:49:58 PST 2008


On Wednesday 26 November 2008, Peter Hutterer wrote:
> On Wed, Nov 19, 2008 at 10:07:59PM +0000, Magnus Kessler wrote:
> > With the latest server and synaptics driver from git I can reliably
> > crash the server by starting
> >
> > xinput test "SynPS2/2 Synaptics Touchpad"
> >
> > and then clicking the any of the physical buttons or tapping the pad to
> > simulate a click.
>
> How about this one?
>
> >From 87f5aa009d65e44f516bfc0168249ea29433b2b4 Mon Sep 17 00:00:00 2001
>
> From: Peter Hutterer <peter.hutterer at redhat.com>
> Date: Wed, 26 Nov 2008 12:20:00 +1000
> Subject: [PATCH] xkb: don't attempt to filter events for devices without
> key classes.
>
> Reported by Magnus Kessler.
>
> Signed-off-by: Peter Hutterer <peter.hutterer at redhat.com>
> ---
>  xkb/xkbEvents.c |   10 +++++++++-
>  1 files changed, 9 insertions(+), 1 deletions(-)
>
> diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c
> index 151849c..02565a4 100644
> --- a/xkb/xkbEvents.c
> +++ b/xkb/xkbEvents.c
> @@ -819,7 +819,8 @@ XkbSrvInfoPtr	xkbi;
>              pXDev = inputInfo.keyboard;
>      }
>
> -    xkbi= pXDev->key->xkbInfo;
> +    xkbi= (pXDev->key) ? pXDev->key->xkbInfo : NULL;
> +
>      if ( pClient->xkbClientFlags & _XkbClientInitialized ) {
>  	if ((xkbDebugFlags&0x10)&&
>  		((xE[0].u.u.type==KeyPress)||(xE[0].u.u.type==KeyRelease)||
> @@ -841,6 +842,10 @@ XkbSrvInfoPtr	xkbi;
>  	     	(_XkbIsReleaseEvent(xE[0].u.u.type)) ) {
>  	    return False;
>  	}
> +
> +        if (!xkbi)
> +            return True;
> +
>  	if ((pXDev->deviceGrab.grab != NullGrab)
>                  && pXDev->deviceGrab.fromPassiveGrab &&
>  	    ((xE[0].u.u.type==KeyPress)||(xE[0].u.u.type==KeyRelease)||
> @@ -884,6 +889,9 @@ XkbSrvInfoPtr	xkbi;
>      else {
>  	register CARD8 	type;
>
> +        if (!xkbi)
> +            return True;
> +
>  	for (i=0;i<nEvents;i++) {
>  	    type= xE[i].u.u.type;
>  	    if ((xkbDebugFlags&0x4)&&

Tested-by: Magnus Kessler <Magnus.Kessler at gmx.net>

That patch works fine for me. Thanks for fixing this.

However, I see that the same unchecked access to p->key->xkbInfo exists in 
other functions in xkbEvents.c as well, notably XkbSendStateNotify and 
XkbSendControlsNotify (where it might be guarded by the xkb_interest 
field?), XkbSendMapNotify, XkbHandleBell and XkbSendActionMessage.

It seems clear from the naming ("kbd") of the DeviceIntPtr parameter in 
those cases that above functions are intended to be called only for regular 
keyboard devices? Is this guaranteed?

Cheers,

Magnus




More information about the xorg mailing list