dix: avoid deferencing NULL PtrCtrl
PtrCtrl really makes sense for relative pointing device only, absolute devices such as touch devices do not have any PtrCtrl set. In some cases, if the client issues a XGetPointerControl() immediatlely after a ChangeMasterDeviceClasses() copied the touch device to the VCP, a NULL pointer dereference will occur leading to a crash of Xwayland. Check whether the PtrCtrl is not NULL in ProcGetPointerControl() and return the default control values otherwise, to avoid the NULL pointer dereference. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519533 Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
This commit is contained in:
		
							parent
							
								
									60f4646ae1
								
							
						
					
					
						commit
						9f7a9be13d
					
				|  | @ -2329,10 +2329,15 @@ int | ||||||
| ProcGetPointerControl(ClientPtr client) | ProcGetPointerControl(ClientPtr client) | ||||||
| { | { | ||||||
|     DeviceIntPtr ptr = PickPointer(client); |     DeviceIntPtr ptr = PickPointer(client); | ||||||
|     PtrCtrl *ctrl = &ptr->ptrfeed->ctrl; |     PtrCtrl *ctrl; | ||||||
|     xGetPointerControlReply rep; |     xGetPointerControlReply rep; | ||||||
|     int rc; |     int rc; | ||||||
| 
 | 
 | ||||||
|  |     if (ptr->ptrfeed) | ||||||
|  |         ctrl = &ptr->ptrfeed->ctrl; | ||||||
|  |     else | ||||||
|  |         ctrl = &defaultPointerControl; | ||||||
|  | 
 | ||||||
|     REQUEST_SIZE_MATCH(xReq); |     REQUEST_SIZE_MATCH(xReq); | ||||||
| 
 | 
 | ||||||
|     rc = XaceHook(XACE_DEVICE_ACCESS, client, ptr, DixGetAttrAccess); |     rc = XaceHook(XACE_DEVICE_ACCESS, client, ptr, DixGetAttrAccess); | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue