[PATCH] dix: Fix hang in ConfineToShape
Peter Harris
pharris at opentext.com
Mon Jan 19 10:30:56 PST 2015
If the initial point is more than one pixel left, right, or below the
bounding box of the region, ConfineToShape will enter an infinite loop.
Avoid the infinite loop by resetting the position to the edge of the
bounding box if the initial point is outside the bounding box.
Signed-off-by: Peter Harris <pharris at opentext.com>
---
dix/events.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dix/events.c b/dix/events.c
index b8c67fd..d378366 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -687,15 +687,15 @@ ConfineToShape(DeviceIntPtr pDev, RegionPtr shape, int *px, int *py)
x += incx;
if (x >= box.x2) {
incx = -1;
- x = *px - 1;
+ x = min(box.x2, *px) - 1;
}
else if (x < box.x1) {
incx = 1;
- x = *px;
+ x = max(box.x1, *px);
y += incy;
if (y >= box.y2) {
incy = -1;
- y = *py - 1;
+ y = min(box.y2, *py) - 1;
}
else if (y < box.y1)
return; /* should never get here! */
--
2.1.0
More information about the xorg-devel
mailing list