From 30c077f228f563e4e1f4115b345577d9fd393b68 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@redhat.com>
Date: Fri, 24 Oct 2008 15:06:49 +1030
Subject: [PATCH] dix: extra sanity-checks against potential NULL-dereferences. #434807
Two minor code paths could potentially crash the server:
- if scr is NULL, we shouldn't try to dereference it.
- if GPE is called with buttons != 0 but the event is not a
ButtonPress or ButtonRelease, the button mapping may dereference a NULL
pointer.
Admittedly the second should never happen, but better to guard against it.
---
dix/getevents.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/dix/getevents.c b/dix/getevents.c
index 1e0edbf..923744d 100644
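--- a/dix/getevents.c
+++ b/dix/getevents.c
@@ -537,6 +537,9 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
 ScreenPtr scr = miPointerGetScreen(pDev);
 
 /* Sanity checks. */
+ if (!scr)
+ return 0;
+
 if (type != MotionNotify && type != ButtonPress && type != ButtonRelease)
 return 0;
 
@@ -548,6 +551,9 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
 if (!pDev->valuator)
 return 0;
 
+ if (buttons && !pDev->button)
+ return 0;
+
 if (!coreOnly && pDev->coreEvents)
 num_events = 2;
 else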
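Review bot: The second added guard, `if (buttons && !pDev->button)`, keys on `buttons` being non-zero rather than on the event type, so a `ButtonPress` or `ButtonRelease` posted with `buttons == 0` on a device without a button class still passes it. The site that reads the button map is outside this hunk, so whether that case can reach the dereference is unconfirmed; if the map is read for every button event, the guard would be tighter as `if ((buttons || type == ButtonPress || type == ButtonRelease) && !pDev->button)`. Both new early returns also drop the event silently, and a short comment such as `/* no screen yet: drop the event rather than crash */` on the `!scr` check would record why 0 is returned. GetPointerEvents starts and continues outside both hunks.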
--
1.6.0.3