[PATCH] dix: FakeClientID for implicit passive grabs

Peter Hutterer peter.hutterer at who-t.net
Sun Nov 18 22:22:15 PST 2012

Using client->clientAsMask as resource for implicit passive grabs causes
resource conflict with client-allocated resources. Freeing the passive grab
frees all resources with that ID, so arbitrary resources can get freed while
still in use. This causes random crashes.

Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
Keith reminded me that FakeClientID() will re-use IDs already freed, so the
dance with special IDs isn't necessary. 
Hidden bonus: this was my first attempt of this patch anyway and I've had 3
days without a crash with this patch.

 dix/events.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dix/events.c b/dix/events.c
index 39350bc..81e3e01 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -1983,7 +1983,7 @@ ActivateImplicitGrab(DeviceIntPtr dev, ClientPtr client, WindowPtr win,
         return FALSE;
     tempGrab->next = NULL;
     tempGrab->device = dev;
-    tempGrab->resource = client->clientAsMask;
+    tempGrab->resource = FakeClientID(client->index);
     tempGrab->window = win;
     tempGrab->ownerEvents = (deliveryMask & OwnerGrabButtonMask) ? TRUE : FALSE;
     tempGrab->eventMask = deliveryMask;

More information about the xorg-devel mailing list