frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Convert more funcs to use InternalEvent. 

This fixes a crash when a DeviceEvent struct converted to
InteralEvent was beeing copied as InternalEvent (and thus
causing out of bounds reads) in ActivateGrabNoDelivery()
in events.c: 3876    *grabinfo->sync.event = *real_event;

Possible fix for https://gitlab.freedesktop.org/xorg/xserver/-/issues/1253

Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 5b8817a019)
This commit is contained in:
Matthieu Herrb 2021-11-16 23:38:46 +01:00 committed by Povilas Kanapickas
parent b27eaa7283
commit 8223a9d6d9
3 changed files with 30 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Xi/exevents.c
View File

@ -1901,7 +1901,7 @@ ProcessDeviceEvent(InternalEvent *ev, DeviceIntPtr device)
* nested) to clients. */
if (event->source_type == EVENT_SOURCE_FOCUS)
return;
if (!grab && CheckDeviceGrabs(device, event, 0))
if (!grab && CheckDeviceGrabs(device, ev, 0))
return;
break;
case ET_KeyRelease:
@ -1914,7 +1914,7 @@ ProcessDeviceEvent(InternalEvent *ev, DeviceIntPtr device)
if (b->map[key] == 0) /* there's no button 0 */
return;
event->detail.button = b->map[key];
if (!grab && CheckDeviceGrabs(device, event, 0)) {
if (!grab && CheckDeviceGrabs(device, ev, 0)) {
/* if a passive grab was activated, the event has been sent
* already */
return;

53
dix/events.c
View File

@ -1191,7 +1191,7 @@ EnqueueEvent(InternalEvent *ev, DeviceIntPtr device)
}
}
eventlen = event->length;
eventlen = sizeof(InternalEvent);
qe = malloc(sizeof(QdEventRec) + eventlen);
if (!qe)
@ -1319,7 +1319,7 @@ ComputeFreezes(void)
syncEvents.replayDev = (DeviceIntPtr) NULL;
if (!CheckDeviceGrabs(replayDev, &event->device_event,
if (!CheckDeviceGrabs(replayDev, event,
syncEvents.replayWin)) {
if (IsTouchEvent(event)) {
TouchPointInfoPtr ti =
@ -3027,7 +3027,7 @@ BOOL
ActivateFocusInGrab(DeviceIntPtr dev, WindowPtr old, WindowPtr win)
{
BOOL rc = FALSE;
DeviceEvent event;
InternalEvent event;
if (dev->deviceGrab.grab) {
if (!dev->deviceGrab.fromPassiveGrab ||
@ -3042,16 +3042,16 @@ ActivateFocusInGrab(DeviceIntPtr dev, WindowPtr old, WindowPtr win)
if (win == NoneWin || win == PointerRootWin)
return FALSE;
event = (DeviceEvent) {
.header = ET_Internal,
.type = ET_FocusIn,
.length = sizeof(DeviceEvent),
.time = GetTimeInMillis(),
.deviceid = dev->id,
.sourceid = dev->id,
.detail.button = 0
event = (InternalEvent) {
.device_event.header = ET_Internal,
.device_event.type = ET_FocusIn,
.device_event.length = sizeof(DeviceEvent),
.device_event.time = GetTimeInMillis(),
.device_event.deviceid = dev->id,
.device_event.sourceid = dev->id,
.device_event.detail.button = 0
};
rc = (CheckPassiveGrabsOnWindow(win, dev, (InternalEvent *) &event, FALSE,
rc = (CheckPassiveGrabsOnWindow(win, dev, &event, FALSE,
TRUE) != NULL);
if (rc)
DoEnterLeaveEvents(dev, dev->id, old, win, XINotifyPassiveGrab);
@ -3068,7 +3068,7 @@ static BOOL
ActivateEnterGrab(DeviceIntPtr dev, WindowPtr old, WindowPtr win)
{
BOOL rc = FALSE;
DeviceEvent event;
InternalEvent event;
if (dev->deviceGrab.grab) {
if (!dev->deviceGrab.fromPassiveGrab ||
@ -3080,16 +3080,16 @@ ActivateEnterGrab(DeviceIntPtr dev, WindowPtr old, WindowPtr win)
(*dev->deviceGrab.DeactivateGrab) (dev);
}
event = (DeviceEvent) {
.header = ET_Internal,
.type = ET_Enter,
.length = sizeof(DeviceEvent),
.time = GetTimeInMillis(),
.deviceid = dev->id,
.sourceid = dev->id,
.detail.button = 0
event = (InternalEvent) {
.device_event.header = ET_Internal,
.device_event.type = ET_Enter,
.device_event.length = sizeof(DeviceEvent),
.device_event.time = GetTimeInMillis(),
.device_event.deviceid = dev->id,
.device_event.sourceid = dev->id,
.device_event.detail.button = 0
};
rc = (CheckPassiveGrabsOnWindow(win, dev, (InternalEvent *) &event, FALSE,
rc = (CheckPassiveGrabsOnWindow(win, dev, &event, FALSE,
TRUE) != NULL);
if (rc)
DoEnterLeaveEvents(dev, dev->id, old, win, XINotifyPassiveGrab);
@ -4141,14 +4141,15 @@ CheckPassiveGrabsOnWindow(WindowPtr pWin,
*/
Bool
CheckDeviceGrabs(DeviceIntPtr device, DeviceEvent *event, WindowPtr ancestor)
CheckDeviceGrabs(DeviceIntPtr device, InternalEvent *ievent, WindowPtr ancestor)
{
int i;
WindowPtr pWin = NULL;
FocusClassPtr focus =
IsPointerEvent((InternalEvent *) event) ? NULL : device->focus;
IsPointerEvent(ievent) ? NULL : device->focus;
BOOL sendCore = (IsMaster(device) && device->coreEvents);
Bool ret = FALSE;
DeviceEvent *event = &ievent->device_event;
if (event->type != ET_ButtonPress && event->type != ET_KeyPress)
return FALSE;
@ -4171,7 +4172,7 @@ CheckDeviceGrabs(DeviceIntPtr device, DeviceEvent *event, WindowPtr ancestor)
if (focus) {
for (; i < focus->traceGood; i++) {
pWin = focus->trace[i];
if (CheckPassiveGrabsOnWindow(pWin, device, (InternalEvent *) event,
if (CheckPassiveGrabsOnWindow(pWin, device, ievent,
sendCore, TRUE)) {
ret = TRUE;
goto out;
@ -4186,7 +4187,7 @@ CheckDeviceGrabs(DeviceIntPtr device, DeviceEvent *event, WindowPtr ancestor)
for (; i < device->spriteInfo->sprite->spriteTraceGood; i++) {
pWin = device->spriteInfo->sprite->spriteTrace[i];
if (CheckPassiveGrabsOnWindow(pWin, device, (InternalEvent *) event,
if (CheckPassiveGrabsOnWindow(pWin, device, ievent,
sendCore, TRUE)) {
ret = TRUE;
goto out;

2
include/dix.h
View File

@ -458,7 +458,7 @@ WindowHasNewCursor(WindowPtr /* pWin */ );
extern Bool
CheckDeviceGrabs(DeviceIntPtr /* device */ ,
DeviceEvent * /* event */ ,
InternalEvent * /* event */ ,
WindowPtr /* ancestor */ );
extern void