andreacavalli
/
xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

dix: avoid deferencing NULL PtrCtrl 

PtrCtrl really makes sense for relative pointing device only, absolute
devices such as touch devices do not have any PtrCtrl set.

In some cases, if the client issues a XGetPointerControl() immediatlely
after a ChangeMasterDeviceClasses() copied the touch device to the VCP,
a NULL pointer dereference will occur leading to a crash of Xwayland.

Check whether the PtrCtrl is not NULL in ProcGetPointerControl() and
return the default control values otherwise, to avoid the NULL pointer
dereference.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519533
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit 9f7a9be13d)
This commit is contained in:
Olivier Fourdan 2017-12-05 09:59:06 +01:00 committed by Adam Jackson
parent f9a5565372
commit 072dff8281
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
dix/devices.c
View File

@ -2329,10 +2329,15 @@ int
ProcGetPointerControl(ClientPtr client)
{
DeviceIntPtr ptr = PickPointer(client);
PtrCtrl *ctrl = &ptr->ptrfeed->ctrl;
PtrCtrl *ctrl;
xGetPointerControlReply rep;
int rc;
if (ptr->ptrfeed)
ctrl = &ptr->ptrfeed->ctrl;
else
ctrl = &defaultPointerControl;
REQUEST_SIZE_MATCH(xReq);
rc = XaceHook(XACE_DEVICE_ACCESS, client, ptr, DixGetAttrAccess);