dix: avoid deferencing NULL PtrCtrl
PtrCtrl really makes sense for relative pointing device only, absolute devices such as touch devices do not have any PtrCtrl set. In some cases, if the client issues a XGetPointerControl() immediatlely after a ChangeMasterDeviceClasses() copied the touch device to the VCP, a NULL pointer dereference will occur leading to a crash of Xwayland. Check whether the PtrCtrl is not NULL in ProcGetPointerControl() and return the default control values otherwise, to avoid the NULL pointer dereference. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519533 Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
This commit is contained in:
parent
60f4646ae1
commit
9f7a9be13d
|
@ -2329,10 +2329,15 @@ int
|
|||
ProcGetPointerControl(ClientPtr client)
|
||||
{
|
||||
DeviceIntPtr ptr = PickPointer(client);
|
||||
PtrCtrl *ctrl = &ptr->ptrfeed->ctrl;
|
||||
PtrCtrl *ctrl;
|
||||
xGetPointerControlReply rep;
|
||||
int rc;
|
||||
|
||||
if (ptr->ptrfeed)
|
||||
ctrl = &ptr->ptrfeed->ctrl;
|
||||
else
|
||||
ctrl = &defaultPointerControl;
|
||||
|
||||
REQUEST_SIZE_MATCH(xReq);
|
||||
|
||||
rc = XaceHook(XACE_DEVICE_ACCESS, client, ptr, DixGetAttrAccess);
|
||||
|
|
Loading…
Reference in New Issue
Block a user