[PATCH] Xext: return BadValue for XTestFakeInput on unsupported capabilities.
Peter Hutterer
peter.hutterer at who-t.net
Thu Jul 2 20:41:05 PDT 2009
Calling XTestFakeDevice*Event on a device that doesn't allow the matching
event returns BadValue.
Reported-by: Florian Echtler
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
On Sat, Jun 27, 2009 at 03:05:48PM +0200, Florian Echtler wrote:
> just a very short bug report: yesterday, I made my Xserver segfault by
> using XTestFakeDeviceMotionEvent. I passed an XDevice struct looking as
> follows: XDevice dev = { 11, 0, 0 }. However, at that moment I didn't
> have a master pointer with ID 11 -> crash. Unfortunately, I don't have a
> suitable backtrace, and I can't recompile my server at the moment, but
> maybe this information helps you nevertheless.
caused by missing capabilities checks before posting the event.
Reproducible by calling any device event on a device that doesn't have the
matching classes (e.g. key events on master pointers or button/motion events
Cheers,
Peter
Xext/xtest.c | 24 ++++++++++++++++++++++++
1 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/Xext/xtest.c b/Xext/xtest.c
index 4f5c527..f6ae3e3 100644
--- a/Xext/xtest.c
+++ b/Xext/xtest.c
@@ -189,11 +189,35 @@ ProcXTestFakeInput(ClientPtr client)
switch (type) {
case XI_DeviceKeyPress:
case XI_DeviceKeyRelease:
+ if (!dev->key)
+ {
+ client->errorValue = ev->u.u.type;
+ return BadValue;
+ }
+ break;
case XI_DeviceButtonPress:
case XI_DeviceButtonRelease:
+ if (!dev->button)
+ {
+ client->errorValue = ev->u.u.type;
+ return BadValue;
+ }
+ break;
case XI_DeviceMotionNotify:
+ if (!dev->valuator)
+ {
+ client->errorValue = ev->u.u.type;
+ return BadValue;
+ }
+ break;
case XI_ProximityIn:
case XI_ProximityOut:
+ if (!dev->proximity)
+ {
+ client->errorValue = ev->u.u.type;
+ return BadValue;
+ }
+ break;
break;
default:
client->errorValue = ev->u.u.type;
--
1.6.3.rc1.2.g0164.dirty
More information about the xorg
mailing list