andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

dix: don't retrieve the syncEvents tail on an empty list

Browse Source 
An empty list points to itself but syncEvents has the list head only and is
of a different format than the elements. Thus, casting it to a QdEventPtr
gives us garbage.

Segfaults with XTS test case Xlib13/XGrabKeyboard

Introduced in 7af23259d8.

Reported-by: Aaron Plattner <aplattner@nvidia.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
This commit is contained in:
Peter Hutterer 2011-12-19 14:52:41 +10:00
parent 2d34b34ed7
commit 47da6b6b2c
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
dix/events.c
View File

@ -1115,13 +1115,14 @@ NoticeEventTime(InternalEvent *ev)
void
EnqueueEvent(InternalEvent *ev, DeviceIntPtr device)
{
QdEventPtr tail;
QdEventPtr tail = NULL;
QdEventPtr qe;
SpritePtr pSprite = device->spriteInfo->sprite;
int eventlen;
DeviceEvent *event = &ev->device_event;
tail = list_last_entry(&syncEvents.pending, QdEventRec, next);
if (!list_is_empty(&syncEvents.pending))
tail = list_last_entry(&syncEvents.pending, QdEventRec, next);
NoticeTime((InternalEvent*)event);