[PATCH xserver] dix: avoid deferencing NULL PtrCtrl
Olivier Fourdan
ofourdan at redhat.com
Tue Dec 5 08:59:06 UTC 2017
PtrCtrl really makes sense for relative pointing device only, absolute
devices such as touch devices do not have any PtrCtrl set.
In some cases, if the client issues a XGetPointerControl() immediatlely
after a ChangeMasterDeviceClasses() copied the touch device to the VCP,
a NULL pointer dereference will occur leading to a crash of Xwayland.
Check whether the PtrCtrl is not NULL in ProcGetPointerControl() and
return the default control values oterhwise, to avoid the NULL pointer
dereference.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519533
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
---
dix/devices.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/dix/devices.c b/dix/devices.c
index ea3c6c8a9..4a628afb0 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -2329,10 +2329,15 @@ int
ProcGetPointerControl(ClientPtr client)
{
DeviceIntPtr ptr = PickPointer(client);
- PtrCtrl *ctrl = &ptr->ptrfeed->ctrl;
+ PtrCtrl *ctrl;
xGetPointerControlReply rep;
int rc;
+ if (ptr->ptrfeed)
+ ctrl = &ptr->ptrfeed->ctrl;
+ else
+ ctrl = &defaultPointerControl;
+
REQUEST_SIZE_MATCH(xReq);
rc = XaceHook(XACE_DEVICE_ACCESS, client, ptr, DixGetAttrAccess);
--
2.14.3
More information about the wayland-devel
mailing list