Xi: don't copy a DeviceEvent into an InternalEvent

==26141== Invalid read of size 8
==26141==    at 0x58FAEA: DeliverEmulatedMotionEvent (exevents.c:1484)

An InternalEvent is bigger than a DeviceEvent, thus copying one to the other
reads past the allocated boundary. Shouldn't have any real effect since we
shouldn't access anything past the DeviceEvent boundary if the event type is
correct.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Peter Hutterer 2014-04-29 16:52:01 +10:00 committed by Keith Packard
parent d7ac9aff06
commit 8e2fefe3ef
1 changed files with 8 additions and 8 deletions


@ -1469,7 +1469,7 @@ static void
DeliverEmulatedMotionEvent(DeviceIntPtr dev, TouchPointInfoPtr ti,
InternalEvent *ev)
{
InternalEvent motion;
DeviceEvent motion;
if (ti->num_listeners) {
ClientPtr client;
@ -1481,11 +1481,11 @@ DeliverEmulatedMotionEvent(DeviceIntPtr dev, TouchPointInfoPtr ti,
ti->listeners[0].type != LISTENER_POINTER_GRAB)
return;
motion = *ev;
motion.any.type = ET_TouchUpdate;
motion.device_event.detail.button = 0;
motion = ev->device_event;
motion.type = ET_TouchUpdate;
motion.detail.button = 0;
if (!RetrieveTouchDeliveryData(dev, ti, &motion,
if (!RetrieveTouchDeliveryData(dev, ti, (InternalEvent*)&motion,
&ti->listeners[0], &client, &win, &grab,
&mask))
return;
@ -1500,18 +1500,18 @@ DeliverEmulatedMotionEvent(DeviceIntPtr dev, TouchPointInfoPtr ti,
}
}
DeliverTouchEmulatedEvent(dev, ti, &motion, &ti->listeners[0], client,
DeliverTouchEmulatedEvent(dev, ti, (InternalEvent*)&motion, &ti->listeners[0], client,
win, grab, mask);
}
else {
InternalEvent button;
int converted;
converted = TouchConvertToPointerEvent(ev, &motion, &button);
converted = TouchConvertToPointerEvent(ev, (InternalEvent*)&motion, &button);
BUG_WARN(converted == 0);
if (converted)
ProcessOtherEvent(&motion, dev);
ProcessOtherEvent((InternalEvent*)&motion, dev);
}
}
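Review bot: With `motion` now a `DeviceEvent`, every `(InternalEvent*)&motion` cast hands the callee a pointer to a stack object smaller than the type it is declared to receive, and the `TouchConvertToPointerEvent(ev, (InternalEvent*)&motion, &button)` call in the else branch uses it as an output buffer. The callee bodies are not visible here; if any of them assigns or copies a whole `InternalEvent` through that pointer, it would write past `motion` on the stack, which is worse than the over-read this commit removes. I would give the else branch its own full-size output, `InternalEvent converted_motion;`, passed as `&converted_motion` to both `TouchConvertToPointerEvent` and `ProcessOtherEvent`. At the remaining casts I would add a comment such as `/* callee must only access the device_event member */`. The function has lines between the hunks that are not shown, so this rests on the visible lines only.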