[PATCH libinput] Do not abort on invalid speed.

Olivier Fourdan ofourdan at redhat.com
Thu Feb 5 05:27:31 PST 2015


On 05/02/15 11:26, Olivier Fourdan wrote:
> On 05/02/15 02:30, Peter Hutterer wrote:
>> On Wed, Feb 04, 2015 at 04:45:37PM -0500, Olivier Fourdan wrote:
>>> Hi Peter,
>>>
>>> Just to clarify, evdev_accel_config_set_speed() calls filter_set_speed()
>>> which calls accelerator_set_speed() which reaches the assert().
>>>
>>> My patch basically removes the assert() and replaces it by a return false
>>> so that it fails gracefully.
>>
>> yeah, I understand that bit but what I don't know is how you get here. the
>> xorg libinput driver calls libinput_device_config_accel_set_speed() which
>> has the range check. This should be the only entry point for
>> evdev_accel_config_set_speed() so really, this assert should never
>> trigger.

Haha, found out! It's tricky, if you can forge speed to be a "NaN" (or 
not a number, aka infinity), that will trigger the bug.

Reason being, in C at least, any comparison with NaN is false, whatever 
the value.

So (speed < -1.0 || speed > 1.0) is false if speed == NaN.

Since any comparison with NaN is false, (speed >= -1.0 && speed <= 1.0) 
is equally false as well, thus triggering the assert()...

Patch to follow ...

Cheers,
Olivier
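
The NaN behaviour described in this mail, as an added example that is not part of the original message and not libinput's code: the rejection-style range check and the assert() condition quoted above are modelled with hypothetical function names, next to one NaN-safe way to write the entry check.

```c
/* Added illustration; all function names here are hypothetical. */
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Entry check written as a rejection test, as quoted in the mail.
 * Both comparisons are false for NaN, so NaN is accepted. */
static bool range_check_reject_style(double speed)
{
	if (speed < -1.0 || speed > 1.0)
		return false;
	return true;
}

/* The condition the downstream assert() expects to hold. */
static bool assert_condition(double speed)
{
	return speed >= -1.0 && speed <= 1.0;
}

/* NaN-safe entry check: reject NaN explicitly, then test the range in
 * accept form so an unordered value can never fall through as valid. */
static bool range_check_nan_safe(double speed)
{
	if (isnan(speed))
		return false;
	return speed >= -1.0 && speed <= 1.0;
}

/* True when a value passes the entry check but would fail the assert(). */
static bool would_abort(bool (*check)(double), double speed)
{
	return check(speed) && !assert_condition(speed);
}

int main(void)
{
	/* Constructed sample inputs. */
	const double samples[] = { -1.0, 0.3, 1.0, 1.5, INFINITY, NAN };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%5g  reject-style abort=%d  nan-safe abort=%d\n",
		       samples[i],
		       would_abort(range_check_reject_style, samples[i]),
		       would_abort(range_check_nan_safe, samples[i]));
	return 0;
}
```

Only the NaN row reports an abort for the rejection-style check; the infinite sample is an ordered value and is rejected by both checks.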

