When compiling with link time optimization, GCC thinks it's discovered
undefined behavior:
events.c: In function 'XineramaConfineCursorToWindow':
events.c:609:13: warning: iteration 2147483647 invokes undefined behavior [-Waggressive-loop-optimizations]
events.c:609:11: note: within this loop
events.c:605:49: warning: array subscript -1 is below array bounds of 'struct _Window *[16]' [-Warray-bounds]
events.c:606:31: warning: array subscript -1 is below array bounds of 'struct _Screen *[16]' [-Warray-bounds]
events.c:610:39: warning: array subscript -2 is below array bounds of 'struct _Screen *[16]' [-Warray-bounds]
events.c:617:38: warning: array subscript -2 is below array bounds of 'struct _Window *[16]' [-Warray-bounds]
events.c:619:35: warning: array subscript -2 is below array bounds of 'struct _Screen *[16]' [-Warray-bounds]
This results from
i = PanoramiXNumScreens - 1;
RegionCopy(&pSprite->Reg1, &pSprite->windows[i]->borderSize);
off_x = screenInfo.screens[i]->x;
off_y = screenInfo.screens[i]->y;
where GCC believes that PanoramiXNumScreens might be 0. Unfortunately
GCC is just smart enough to be an annoyance because this case is not
actually possible: XineramaConfineCursorToWindow() is only called when
noPanoramiXExtension is false, and if noPanoramiXExtension is false then
PanoramiXNumScreens must be >1 (see PanoramiXExtensionInit()).
So, add an assert(!noPanoramiXExtension), which to my surprise provides
GCC with information even in release builds and lets GCC understand that
the code is not doing anything that is undefined behavior.
I chose this solution instead of the proposed assert(i >= 0) because the
same pattern occurs in CheckVirtualMotion() but is inside an
'if (!noPanoramiXExtension)' and does not generate any warnings.
Fixes: xorg/xserver#590
Signed-off-by: Matt Turner <mattst88@gmail.com>
c67f2eac56 ("dix: always send focus event on grab change") made dix
always sent events when it's a NotifyGrab or NotifyUngrab, even if
from == to, because 'from' can just come from a previous XSetInputFocus
call.
However, when an application calls XGrabKeyboard several times on
the same window, we are now sending spurious FocusOut+FocusIn with
NotifyGrab, even if the grab does not actually change. This makes screen
readers for blind people spuriously emit activity events which disturb
screen reading workflow when e.g. switching between menus.
This commit avoids calling DoFocusEvents in that precise case, i.e. when
oldWin is a previous grab and the new grab is the same window.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
The SendEvent request holds xEvent which is exactly 32 bytes long, no more,
no less. Both ProcSendEvent and SProcSendEvent verify that the received data
exactly match the request size. However nothing stops the client from passing
in event with xEvent::type = GenericEvent and any value of
xGenericEvent::length.
In the case of ProcSendEvent, the event will be eventually passed to
WriteEventsToClient which will see that it is Generic event and copy the
arbitrary length from the receive buffer (and possibly past it) and send it to
the other client. This allows clients to copy unitialized heap memory out of X
server or to crash it.
In case of SProcSendEvent, it will attempt to swap the incoming event by
calling a swapping function from the EventSwapVector array. The swapped event
is written to target buffer, which in this case is local xEvent variable. The
xEvent variable is 32 bytes long, but the swapping functions for GenericEvents
expect that the target buffer has size matching the size of the source
GenericEvent. This allows clients to cause stack buffer overflows.
Signed-off-by: Michal Srb <msrb@suse.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
If the root window borderClip region is null, the PointInWindowIsVisible()
check fails if pointer warping is attempted on the root window, making
the warping operation bail out early.
Assume coordinates always lay inside the root window for this case,
the actual position will be clamped later within screen coordinates anyway.
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This function will be called when a pointer is grabbed non-root window
set as the 'confineTo'. This will enable the ddx to handle the
confinement their own way.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
This new vfunc will be called, if set, after a client has issued a
WarpPointer request. This is necessary for implementing pointer warp
emulation in Xwayland.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
Fix a couple of copy-and-paste errors preventing FocusIn grabs from working.
Perhaps the extension version should be bumped though to distinguish between
working and non-working extension versions.
Signed-off-by: Michael Thayer <michael.thayer@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
In patch 137ac094e7, Adam moved an
expensive call to UpdateCurrentTime out of the main dispatch
loop. That's a good change as the original fix from Chase was a bit
expensive. However, it breaks grab processing and so a couple of the
calls to UpdateCurrenTime need to be removed.
Input event processing can generate a stream of events; a button press
that activates a grab will send a press followed by a sequence of
enter/leave events. All of these should have the same time stamp on
the wire as they occur at the 'same' time.
More importantly, the grab time recorded in the device is pulled from
currentTime after all of the events are delivered, so if currentTime
doesn't match the time in the device event, then future grab
modifications will fail as the time marked in the device will be
'later' than the grab time known to the client (which is defined as
the timestamp from the activating input event).
A bit of history here -- it used to be that currentTime was driven
*entirely* by input events; those timestamps didn't even have to be
related to the system time in any way. Then we started doing ICCCM
stuff and people got confused when PropertyNotify events would have
the same timestamp even when delivered minutes apart because no input
events were delivered.
We added code in the server to go update the time, but only if no
input events were pending (so that the clock "wouldn't" go
backwards). The only places where this is necessary is in request
processing which may generate an event with a timestamp, and there
only at the very top of the request processing code so that the whole
request would be processed at the 'same time', just like events.
cc: Chase Douglas <chase.douglas@canonical.com>
cc: Peter Hutterer <peter.hutterer@who-t.net>
cc: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Michel Dänzer <michel.daenzer@amd.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
This was added in:
commit 312910b4e3
Author: Chase Douglas <chase.douglas@canonical.com>
Date: Wed Apr 18 11:15:40 2012 -0700
Update currentTime in dispatch loop
Unfortunately this is equivalent to calling GetTimeInMillis() once per
request. In the absolute best case (as on Linux) you're only hitting the
vDSO; on other platforms that's a syscall. Either way it puts a pretty
hard ceiling on request throughput.
Instead, push the call down to the requests that need it; basically,
grab processing and event generation.
Cc: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
The refactoring in commit efc1035ca9
removed the actual update of currentTime.
Signed-off-by: Rui Matos <tiagomatos@gmail.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Use typedefs to work around dtrace dropping const qualifiers from probe
arguments when generating Xserver-dtrace.h. Add new probes.h header to
avoid having to replicate these typedefs in every file with dtrace probes.
Gets rid of these warnings from gcc 4.8:
getevents.c:1096:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' discards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1096:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1651:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1651:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1791:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1791:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1921:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1921:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
The new current cursor was being referenced twice, resulting in a
memory leak when the current server generation ended.
Signed-off-by: Frank Binns <frank.binns@imgtec.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
This allows DDXen to override the window picking to account for
native windows not seen by the X server. The bulk of the picking logic
is exposed as a new helper function, miSpriteTrace(). This function
completes the sprite trace filled out by the caller, and can be set up
to start the search from a given toplevel window.
v2: Leave existing XYToWindow API in place for API compatibility
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
This lets us stop using the 'pointer' typedef in Xdefs.h as 'pointer'
is used throughout the X server for other things, and having duplicate
names generates compiler warnings.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
As usual, mostly const char changes. However, filter_device_events had
a potentially uninitialized value, 'raw', which I added a bunch of
checks for. I suspect most of those are 'can't happen', but it's hard
to see that inside the function.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
CheckPassiveGrabsOnWindow() calls AllocGrab() which can fail and return NULL.
This return value is not checked, and can cause NULL pointer dereferences.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
GrabDevice() calls AllocGrab() which can fail and return NULL.
This return value is not checked, and can cause NULL pointer dereferences.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
The time between the idle reset and the IdleTimeWakeupHandler to be called is
indeterminate. Clients with an PositiveTransition or NegativeTransition alarm
on a low threshold may miss an alarm.
Work around this by keeping a reset flag for each device. When the
WakeupHandler triggers and the reset flag is set, we force a re-calculation of
everything and pretend the current idle time is zero. Immediately after is the
next calculation with the real idle time.
Relatively reproducible test case: Set up a XSyncNegativeTransition alarm for
a threshold of 1 ms. May trigger, may not.
X.Org Bug 70476 <http://bugs.freedesktop.org/show_bug.cgi?id=70476>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
And now that we have the accessors, localize it. No functional changes, just
preparing for a future change.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Use the grabtype to determine which type of event to send - all other events
are pointless and may result in erroneous events being delivered.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
For an active grab, grab->eventMask can be either the core or the XI1 mask.
With the overlap of event filters, calling DeliverOneGrabbedEvent(XI1) for a
ProximityOut event will trigger if the client has selected for enter events -
the filter is the same for both.
Thus, we end up delivering a proximity event to a client not expecting one.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
If a client calls XAllowEvents(SyncPointer) it expects events as normal until
the next button press or release event - that freezes the device. An e.g.
proximity event must thus not freeze the pointer.
As per the spec, only button and key events may do so, so narrow it to these
cases.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
if the grab type isn't XI2, grab->xi2mask is random. That random data may
have the enter/leave mask set, leading to events sent to the client that the
client can't handler.
Source of these errors:
_xgeWireToEvent: Unknown extension 131, this should never happen.
Simplest reproducer:
Start Xephyr, press button inside window, move out. As the pointer leaves
the Xephyr window, the errors appear.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Adam Jackson <ajax@redhat.com>
If we have a client which has registered for a DeviceButton grab
be sure to pass this to CheckDeviceGrabAndHintWindow(). Since the
order of clients is arbitrary there is no guarantee that the last
client in the list is the one that belongs to this class.
Signed-off-by: Egbert Eich <eich@freedesktop.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Ungrabbing a device during an active touch grab rejects the grab. Ungrabbing
a device during an active pointer grab accepts the grab.
Rejection is not really an option for a pointer-emulated grab, if a client
has a button mask on the window it would get a ButtonPress emulated after
UngrabDevice. That is against the core grab behaviour.
X.Org Bug 66720 <http://bugs.freedesktop.org/show_bug.cgi?id=66720>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>
Too many callers relied on the refcnt being handled correctly. Use a simple
wrapper to handle that case.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The cursor is referenced during CopyGrab(), thus doesn't need to be handled
manually anymore. It does need to be refcounted for temp grabs though.
The oldGrab handling in ProcGrabPointer is a leftover from the cursor in the
grab being refcounted, but the grab itself being a static struct in the
DeviceIntRec. Now that all grabs are copied, this lead to a double-free of
the cursor (Reproduced in Thunderbird, dragging an email twice (or more
often) causes a crash).
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
A client may call XIGrabDevice twice, overwriting the existing grab. Thus,
make sure we free the old copy after we copied it. Free it last, to make
sure our refcounts don't run to 0 and inadvertantly free something on the
way.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Introduced in xorg-server-1.13.99.901-2-g9ad0fdb. Storing the grab pointer
in the listener turns out to be a bad idea. If the grab is not an active
grab or an implicit grab, the pointer stored is the one to the grab attached
on the window. This grab may be removed if the client calls UngrabButton or
similar while the touch is still active, leaving a dangling pointer.
To avoid this, copy the grab wherever we need to reference it later. This
is also what we do for pointer/keyboard grabs, where we copy the grab as
soon as it becomes active.
Reported-by: Maarten Lankhorst <maarten.lankhorst@canonical.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Obsolete since 4bc2761ad5. This struct
existed so copying a passive grab could be simply done by
activeGrab = *grab
and thus have a copy of the GrabPtr we'd get from various sources but still
be able to check device->grab for NULL.
Since 4bc2761 activeGrab is a pointer itself and points to the same memory
as grabinfo->grab, leaving us with the potential of dangling pointers if
either calls FreeGrab() and doesn't reset the other one.
There is no reader of activeGrab anyway, so simply removing it is
sufficient.
Note: field is merely renamed to keep the ABI. Should be removed in the
future.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
A sync grab is the owner once it gets events. If it doesn't replay the
event it will get all events from this touch, equivalent to accepting it.
If the touch has ended before XAllowEvents() is called, we also now need to
send the TouchEnd event and clean-up since we won't see anything more from
this touch.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Set on DeviceEnterLeaveEvent() the xXIEnterEvent->focus field
similarly to how the CoreEnterLeaveEvent() function above does
for core events.
This fixes bug https://bugzilla.gnome.org/show_bug.cgi?id=677329
reported to GTK+, where focus handling on window managers with
sloppy focus or no window manager present was broken due to this
field being always set to FALSE.
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
If a XI2.1+ client has a grab on a non-root window, it must still receive
raw events on the root window.
Test case: register for XI_ButtonPress on window and XI_RawMotion on root.
No raw events are received once the press activates an implicit grab on the
window.
X.Org Bug 53897 <http://bugs.freedesktop.org/show_bug.cgi?id=53897>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Should've been removed in bc1f90a615018c05994fae3e678dd2341256cd82a, but got
left here due to a botched rebase.
Fixes stray button events sent to clients after deactivating an async
pointer grab on a pointer-emulating-touch.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
events.c: In function 'DeactivatePointerGrab':
events.c:1524:51: warning: 'dev' may be used uninitialized in this function
[-Wuninitialized
dev is unset when we get here, the device to check is "mouse".
Introduced in ece8157a59.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
This places a pointer to the grab related to a TouchListener directly
in the TouchListener structure rather than hoping to find the grab
later on using the resource ID.
Passive grabs have resource ID in the resource DB so they can be
removed when a client exits, and those resource IDs get copied when
activated, but implicit grabs are constructed on-the-fly and have no
resource DB entry.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Conflicts:
Xi/xichangehierarchy.c
Small conflict with the patch from
Xi: don't use devices after removing them
Was easily resolved by hand.
Signed-off-by: Keith Packard <keithp@keithp.com>
If a client has a core grab, don't allow re-grabbing with type XI2, etc.
This was the intent of the original commit
xorg-server-1.5.99.1-782-g09f9a86, but ineffective.
X.Org Bug 58255 <http://bugs.freedesktop.org/show_bug.cgi?id=58255>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Only deliver to the client that created the barrier, not to other clients.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>