[PATCH libinput] Do not abort on invalid speed.

Olivier Fourdan ofourdan at redhat.com
Thu Feb 5 05:27:31 PST 2015

On 05/02/15 11:26, Olivier Fourdan wrote:> On 05/02/15 02:30, Peter 
Hutterer wrote:
 >> On Wed, Feb 04, 2015 at 04:45:37PM -0500, Olivier Fourdan wrote:
 >>> Hi Peter,
 >>> Just to clarify, evdev_accel_config_set_speed() calls 
 >>> which calls accelerator_set_speed() which reaches the assert().
 >>> My patch basically removes the assert() and replaces it by a return
 >>> false
 >>> so that it fails gracefully.
 >> yeah, I understand that bit but I don't know is how you get here. the
 >> xorg libinput driver calls libinput_device_config_accel_set_speed() 
 >> has the range check. This should be the only entry point for
 >> evdev_accel_config_set_speed() so really, this assert should never
 >> trigger.

Haha, found out! It's tricky, if you can forge speed to be a "NaN" (or 
not a number, aka infinity), that will trigger the bug.

Reason being, in C at least, any comparison with NaN is false, whatever 
the value.

So (speed < -1.0 || speed > 1.0) is false if speed == NaN.

Since any comparison with NaN is false, (speed >= -1.0 && speed <= 1.0) 
is equally false as well, thus triggering the assert()...

Patch to follow ...


More information about the wayland-devel mailing list