[PATCH xserver] dix: avoid deferencing NULL PtrCtrl

Olivier Fourdan ofourdan at redhat.com
Tue Dec 5 08:59:06 UTC 2017


PtrCtrl really makes sense for relative pointing device only, absolute
devices such as touch devices do not have any PtrCtrl set.

In some cases, if the client issues a XGetPointerControl() immediatlely
after a ChangeMasterDeviceClasses() copied the touch device to the VCP,
a NULL pointer dereference will occur leading to a crash of Xwayland.

Check whether the PtrCtrl is not NULL in ProcGetPointerControl() and
return the default control values oterhwise, to avoid the NULL pointer
dereference.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519533
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
---
 dix/devices.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/dix/devices.c b/dix/devices.c
index ea3c6c8a9..4a628afb0 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -2329,10 +2329,15 @@ int
 ProcGetPointerControl(ClientPtr client)
 {
     DeviceIntPtr ptr = PickPointer(client);
-    PtrCtrl *ctrl = &ptr->ptrfeed->ctrl;
+    PtrCtrl *ctrl;
     xGetPointerControlReply rep;
     int rc;
 
+    if (ptr->ptrfeed)
+        ctrl = &ptr->ptrfeed->ctrl;
+    else
+        ctrl = &defaultPointerControl;
+
     REQUEST_SIZE_MATCH(xReq);
 
     rc = XaceHook(XACE_DEVICE_ACCESS, client, ptr, DixGetAttrAccess);
-- 
2.14.3



More information about the wayland-devel mailing list