projects / packages / xorg-xserver-server.git / blame
| Commit | Line | Data |
|---|---|---|
| ec9730da AM |
1 | From 30c077f228f563e4e1f4115b345577d9fd393b68 Mon Sep 17 00:00:00 2001 |
| 2 | From: Peter Hutterer <peter.hutterer@redhat.com> | |
| 3 | Date: Fri, 24 Oct 2008 15:06:49 +1030 | |
| 4 | Subject: [PATCH] dix: extra sanity-checks against potential NULL-dereferences. #434807 | |
| 5 | ||
| 6 | Two minor code paths could potentially crash the server: | |
| 7 | - if scr is NULL, we shouldn't try to dereference it. | |
| 8 | - if GPE is called with buttons != 0 but the event is not a | |
| 9 | ButtonPress or ButtonRelease, the button mapping may dereference a NULL | |
| 10 | pointer. | |
| 11 | ||
| 12 | Admittedly the second should never happen, but better to guard against it. | |
| 13 | --- | |
| 14 | dix/getevents.c | 6 ++++++ | |
| 15 | 1 files changed, 6 insertions(+), 0 deletions(-) | |
| 16 | ||
| 17 | diff --git a/dix/getevents.c b/dix/getevents.c | |
| 18 | index 1e0edbf..923744d 100644 | |
| 19 | --- a/dix/getevents.c | |
| 20 | +++ b/dix/getevents.c | |
| 21 | @@ -537,6 +537,9 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons, | |
| 22 | ScreenPtr scr = miPointerGetScreen(pDev); | |
| 23 | ||
| 24 | /* Sanity checks. */ | |
| 25 | + if (!scr) | |
| 26 | + return 0; | |
| 27 | + | |
| 28 | if (type != MotionNotify && type != ButtonPress && type != ButtonRelease) | |
| 29 | return 0; | |
| 30 | ||
| 31 | @@ -548,6 +551,9 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons, | |
| 32 | if (!pDev->valuator) | |
| 33 | return 0; | |
| 34 | ||
| 35 | + if (buttons && !pDev->button) | |
| 36 | + return 0; | |
| 37 | + | |
| 38 | if (!coreOnly && pDev->coreEvents) | |
| 39 | num_events = 2; | |
| 40 | else | |
| 41 | -- | |
| 42 | 1.6.0.3 | |
| 43 |