9fb08310b5
Once a device is disabled, it doesn't have a sprite pointer anymore. If an event is still in the queue and processed after DisableDevice finished, a dereference causes a crash. Example backtrace (crash forced by injecting an event at the right time): (EE) 0: /opt/xorg/bin/Xorg (OsSigHandler+0x3c) [0x48d334] (EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x37fcc0f74f] (EE) 2: /opt/xorg/bin/Xorg (mieqMoveToNewScreen+0x38) [0x609240] (EE) 3: /opt/xorg/bin/Xorg (mieqProcessDeviceEvent+0xd4) [0x609389] (EE) 4: /opt/xorg/bin/Xorg (mieqProcessInputEvents+0x206) [0x609720] (EE) 5: /opt/xorg/bin/Xorg (ProcessInputEvents+0xd) [0x4aeb58] (EE) 6: /opt/xorg/bin/Xorg (xf86VTSwitch+0x1a6) [0x4af457] (EE) 7: /opt/xorg/bin/Xorg (xf86Wakeup+0x2bf) [0x4af0a7] (EE) 8: /opt/xorg/bin/Xorg (WakeupHandler+0x83) [0x4445cb] (EE) 9: /opt/xorg/bin/Xorg (WaitForSomething+0x3fe) [0x491bf6] (EE) 10: /opt/xorg/bin/Xorg (Dispatch+0x97) [0x435748] (EE) 11: /opt/xorg/bin/Xorg (dix_main+0x61d) [0x4438a9] (EE) 12: /opt/xorg/bin/Xorg (main+0x28) [0x49ba28] (EE) 13: /lib64/libc.so.6 (__libc_start_main+0xf5) [0x37fc821d65] (EE) 14: /opt/xorg/bin/Xorg (_start+0x29) [0x425e69] (EE) 15: ? (?+0x29) [0x29] xf86VTSwitch() calls ProcessInputEvents() before disabling a device, and DisableDevice() calls mieqProcessInputEvents() again when flushing touches and button events. Between that and disabling the device (which causes new events to be refused) there is a window where events may be triggered and enqueued. On the next call to PIE that event is processed on a now defunct device, causing the crash. The simplest fix to this is to discard events from disabled devices. We flush the queue often enough before disabling that when we get here, we really don't care about the events from this device. X.Org Bug 77884 <http://bugs.freedesktop.org/show_bug.cgi?id=77884> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reported-by: Maarten Lankhorst <maarten.lankhorst@canonical.com> Tested-by: Maarten Lankhorst <maarten.lankhorst@canonical.com> Reviewed-by: Keith Packard <keithp@keithp.com> Signed-off-by: Keith Packard <keithp@keithp.com> |
||
---|---|---|
.. | ||
xi2 | ||
.gitignore | ||
ddxstubs.c | ||
fixes.c | ||
hashtabletest.c | ||
input.c | ||
list.c | ||
Makefile.am | ||
misc.c | ||
os.c | ||
README | ||
signal-logging.c | ||
string.c | ||
touch.c | ||
xfree86.c | ||
xkb.c | ||
xtest.c |
X server test suite This suite contains a set of tests to verify the behaviour of functions used internally to the server. This test suite is based on glib's testing framework [1]. = How it works = Through some automake abuse, we link the test programs with the same static libraries as the Xorg binary. The test suites can then call various functions and verify their behaviour - without the need to start the server or connect clients. This testing only works for functions that do not rely on a particular state of the X server. Unless the test suite replicates the expected state, which may be difficult. = How to run the tests = Run "make check" the test directory. This will compile the tests and execute them in the order specified in the TESTS variable in test/Makefile.am. Each set of tests related to a subsystem are available as a binary that can be executed directly. For example, run "xkb" to perform some xkb-related tests. == Adding a new test == When adding a new test, ensure that you add a short description of what the test does and what the expected outcome is. If the test reproduces a particular bug, using g_test_bug(). == Misc == The programs "gtester" and "gtester-report" may be used to generate XML/HTML log files of tests succeeded and failed. --------- [1] http://library.gnome.org/devel/glib/stable/glib-Testing.html