In Xwayland's xwl_unrealize_cursor(), the x_cursor is cleared up only when a device value is provided to the UnrealizeCursor() routine, but if the device is NULL as called from FreeCursor(), the corresponding x_cursor for the xwl_seat is left untouched. This might cause a segfault when trying to access the unrealized cursor's devPrivates in xwl_seat_set_cursor(). A possible occurrence of this is the client changing the cursor, the Xserver calling FreeCursor() which does UnrealizeCursor() and then the Wayland server sending a pointer enter event, which invokes xwl_seat_set_cursor() while the seat's x_cursor has just been unrealized. To avoid this, walk through all the xwl_seats and clear up all x_cursor matching the cursor being unrealized. Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> Reviewed-by: Jonas Ã…dahl <jadahl@gmail.com> Reviewed-by: Hans de Goede <hdegoede@redhat.com> |
||
---|---|---|
.. | ||
.gitignore | ||
drm.xml | ||
Makefile.am | ||
xwayland-cursor.c | ||
xwayland-cvt.c | ||
xwayland-glamor-xv.c | ||
xwayland-glamor.c | ||
xwayland-input.c | ||
xwayland-output.c | ||
xwayland-shm.c | ||
xwayland-vidmode.c | ||
xwayland.c | ||
xwayland.h |