[PATCH] dix: Fix crash in DeliverGrabbedEvents.

Peter Hutterer peter.hutterer at who-t.net
Wed Apr 14 16:27:34 PDT 2010


On Wed, Apr 14, 2010 at 03:13:04PM -0700, Keith Packard wrote:
> On Wed, 14 Apr 2010 17:43:22 +1000, Peter Hutterer <peter.hutterer at who-t.net> wrote:
> 
> > The check's purpose is to compare if the other device is grabbed by the same
> > client, which should be checked by accessing (dev->deviceGrab->grab->resource).
> > A check of the server-1.3 sources confirms that.
> 
> This seems obvious -- when sync.state is set to FREEZE_BOTH_NEXT_EVENT,
> the same device may get sync.other set to NullGrab. And, the goal is to
> re-freeze any device grabbed by the same client, which is what the new
> code does. I don't understand what the old code was trying to do; there
> isn't any reason to talk about the sync.other element.

this code has changed a few times during MPX development. at some point MPX
had the option of two device grabs on each device (core + XI), but that
functionality was removed later in favour of the current either core or XI. 
so it was rather messy already, the real commit to blame is 7d4df0ee which
introduced this bug.
> 
> > @@ -3980,7 +3980,7 @@ DeliverGrabbedEvent(InternalEvent *event, DeviceIntPtr thisDev,
> >  		FreezeThaw(dev, TRUE);
> >  		if ((dev->deviceGrab.sync.state == FREEZE_BOTH_NEXT_EVENT) &&
> >  		    (CLIENT_BITS(grab->resource) ==
> > -		     CLIENT_BITS(dev->deviceGrab.sync.other->resource)))
> > +		     CLIENT_BITS(dev->deviceGrab.grab->resource)))
> >  		    dev->deviceGrab.sync.state = FROZEN_NO_EVENT;
> >  		else
> >                      dev->deviceGrab.sync.other = grab;
> 
> Reviewed-by: Keith Packard <keithp at keithp.com>

thanks, I appreciate the pain you took ;)

Cheers,
  Peter


More information about the xorg-devel mailing list