[PATCH 1.9.2.902 1/1] dix: GetPointerEvents: added valuator range checking

Jeremy Huddleston jeremyhu at apple.com
Mon Jan 24 22:22:31 PST 2011


Pushed:

   089a510..188148e  server-1.9-branch -> server-1.9-branch

On Jan 24, 2011, at 16:34, Peter Hutterer wrote:

> On Mon, Jan 24, 2011 at 10:03:30PM +0200, Oliver McFadden wrote:
>> Button events may be sent with no valuators (e.g. to simply indicate
>> ButtonPress or ButtonRelease without any coordinates); when this happens
>> the server would read uninitialized memory.
>> 
>> ==9999== Conditional jump or move depends on uninitialised value(s)
>> ==9999==    at 0x48E87E8: pixman_f_transform_point (in /usr/lib/libpixman-1.so.0.18.2)
>> ==9999==  Uninitialised value was created by a stack allocation
>> ==9999==    at 0x37524: GetPointerEvents (getevents.c:1074)
>> ==9999==
>> ==9999== Conditional jump or move depends on uninitialised value(s)
>> ==9999==    at 0x496D074: lround (s_lround.c:40)
>> ==9999==    by 0x3773B: GetPointerEvents (getevents.c:1048)
>> ==9999==    by 0x683BB: xf86PostButtonEventP (xf86Xinput.c:1162)
>> ==9999==    by 0x6853B: xf86PostButtonEvent (xf86Xinput.c:1126)
>> ==9999==    by 0x5779037: process_state (multitouch.c:321)      (xf86-input-mtev)
>> ==9999==    by 0x577908F: read_input (multitouch.c:331))        (xf86-input-mtev)
>> ==9999==    by 0x66B4F: xf86SigioReadInput (xf86Events.c:298)
>> ==9999==    by 0x112697: xf86SIGIO (sigio.c:118)
>> ==9999==    by 0x4A12B2F: ??? (sigrestorer.S:51)
>> ==9999==  Uninitialised value was created by a stack allocation
>> ==9999==    at 0x37524: GetPointerEvents (getevents.c:1074)
>> 
>> Signed-off-by: Oliver McFadden <oliver.mcfadden at nokia.com>
> 
> Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
> 
> Jeremy, feel free to pick this up
> 
> Cheers,
>  Peter
>> ---
>> I'm not sure anyone actually cares about this patch anymore, since this code has
>> changed completely due to the valuator rework. If someone wants to apply it to
>> the 1.9.2(.xxx) branches, then please be my guest.
>> 
>> dix/getevents.c |   18 ++++++++++--------
>> 1 files changed, 10 insertions(+), 8 deletions(-)
>> 
>> diff --git a/dix/getevents.c b/dix/getevents.c
>> index e5134d3..f1e5514 100644
>> --- a/dix/getevents.c
>> +++ b/dix/getevents.c
>> @@ -1034,19 +1034,21 @@ FreeEventList(EventListPtr list, int num_events)
>> }
>> 
>> static void
>> -transformAbsolute(DeviceIntPtr dev, int v[MAX_VALUATORS])
>> +transformAbsolute(DeviceIntPtr dev, int first, int num, int *valuators)
>> {
>> -    struct pixman_f_vector p;
>> +    struct pixman_f_vector p = { .v = {0.0, 0.0, 1.0} };
>> 
>>     /* p' = M * p in homogeneous coordinates */
>> -    p.v[0] = v[0];
>> -    p.v[1] = v[1];
>> -    p.v[2] = 1.0;
>> +    if (num >= 1 && first == 0)
>> +        p.v[0] = *(valuators + 0);
>> +
>> +    if (first <= 1 && num >= (2 - first))
>> +        p.v[1] = *(valuators + 1 - first);
>> 
>>     pixman_f_transform_point(&dev->transform, &p);
>> 
>> -    v[0] = lround(p.v[0]);
>> -    v[1] = lround(p.v[1]);
>> +    valuators[0] = lround(p.v[0]);
>> +    valuators[1] = lround(p.v[1]);
>> }
>> 
>> /**
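Review bot: The two stores at the end of transformAbsolute, `valuators[0] = lround(p.v[0]);` and `valuators[1] = lround(p.v[1]);`, are unconditional and index from 0, while the loads above them are guarded and index relative to `first` (`*(valuators + 1 - first)`). With `num` of 0 or 1 the stores write slots the caller did not declare as supplied. With `first == 1`, y is read from `valuators[0]`, but the transformed x is then written to that same slot and y to `valuators[1]`. Suggest guarding the stores with the same conditions as the loads and using the same offsets: write x only when `first == 0 && num >= 1`, and write y to `valuators[1 - first]` only when the y guard holds. Separately, an axis the event does not carry is transformed as 0.0, so when the matrix mixes x and y the result for the axis that is present depends on that placeholder; a comment saying whether this is intended would help.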
>> @@ -1124,7 +1126,7 @@ GetPointerEvents(EventList *events, DeviceIntPtr pDev, int type, int buttons,
>>                         scr->height);
>>         }
>> 
>> -        transformAbsolute(pDev, valuators);
>> +        transformAbsolute(pDev, first_valuator, num_valuators, valuators);
>>         moveAbsolute(pDev, &x, &y, first_valuator, num_valuators, valuators);
>>     } else {
>>         if (flags & POINTER_ACCELERATE) {
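Review bot: The `transformAbsolute(pDev, first_valuator, num_valuators, valuators);` call still runs when the event carries no valuators at all, which is the button-only case from the commit message. Wrapping it in a check such as `if (num_valuators > 0 && first_valuator <= 1)` would skip the transform when there is no x or y to transform, instead of relying on the callee's defaults. Also, `moveAbsolute` on the next line receives the same `first_valuator, num_valuators, valuators` triple, so both callees need to agree on whether `valuators` is indexed from `first_valuator`; a comment on the `transformAbsolute` definition stating which convention it uses would make that checkable.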
>> -- 
>> 1.7.1.245.g7c42e
>> 