From 30c077f228f563e4e1f4115b345577d9fd393b68 Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Fri, 24 Oct 2008 15:06:49 +1030 Subject: [PATCH] dix: extra sanity-checks against potential NULL-dereferences. #434807 Two minor code paths could potentially crash the server: - if scr is NULL, we shouldn't try to dereference it. - if GPE is called with buttons != 0 but the event is not a ButtonPress or ButtonRelease, the button mapping may dereference a NULL pointer. Admittedly the second should never happen, but better to guard against it. --- dix/getevents.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/dix/getevents.c b/dix/getevents.c index 1e0edbf..923744d 100644 --- a/dix/getevents.c +++ b/dix/getevents.c @@ -537,6 +537,9 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons, ScreenPtr scr = miPointerGetScreen(pDev); /* Sanity checks. */ + if (!scr) + return 0; + if (type != MotionNotify && type != ButtonPress && type != ButtonRelease) return 0; @@ -548,6 +551,9 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons, if (!pDev->valuator) return 0; + if (buttons && !pDev->button) + return 0; + if (!coreOnly && pDev->coreEvents) num_events = 2; else -- 1.6.0.3