scorpionit / rpms / xorg-x11-server

Forked from rpms/xorg-x11-server 4 years ago
Clone
Source Code
GIT

Files

ajax/upstream f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f7 f8 f9 master olpc2 olpc3 private-1_2-branch private-unbreak-domain-branch
  1.   f17
  2.   0001-Sync-TouchListener-memory-allocation-with-population.patch
Blob Blame History Raw 
From ee62b7a870e94dd1930a6e697f250c52fcefa9ef Mon Sep 17 00:00:00 2001
From: Carlos Garnacho <carlosg@gnome.org>
Date: Thu, 25 Oct 2012 15:03:50 +0200
Subject: [PATCH] Sync TouchListener memory allocation with population in
 TouchSetupListeners()

The allocated TouchListener array may fall short by 1 if hitting the worst case
situation where there's an active grab, passive grabs on each window in the
sprite trace and event selection for touch in one of the windows. This may lead
to memory corruptions as the array is overflown.

Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit ced56f322ead10d1bc93fcd1f8e0ec3ae51292a3)
---
 dix/touch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dix/touch.c b/dix/touch.c
index ad48d8a..ec2c996 100644
--- a/dix/touch.c
+++ b/dix/touch.c
@@ -571,8 +571,8 @@ TouchBuildSprite(DeviceIntPtr sourcedev, TouchPointInfoPtr ti,
         return FALSE;
 
     /* Mark which grabs/event selections we're delivering to: max one grab per
-     * window plus the bottom-most event selection. */
-    ti->listeners = calloc(sprite->spriteTraceGood + 1, sizeof(*ti->listeners));
+     * window plus the bottom-most event selection, plus any active grab. */
+    ti->listeners = calloc(sprite->spriteTraceGood + 2, sizeof(*ti->listeners));
     if (!ti->listeners) {
         sprite->spriteTraceGood = 0;
         return FALSE;
-- 
1.8.1
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.