Re: xinput test crashes server when touchpad clicked
On Thursday 27 November 2008, Peter Hutterer wrote: On Thu, Nov 27, 2008 at 11:49:58AM +, Magnus Kessler wrote: Tested-by: Magnus Kessler [EMAIL PROTECTED] That patch works fine for me. Thanks for fixing this. However, I see that the same unchecked access to p-key-xkbInfo exists in other functions in xkbEvents.c as well, notably XkbSendStateNotify and XkbSendControlsNotify (where it might be guarded by the xkb_interest field?), XkbSendMapNotify, XkbHandleBell and XkbSendActionMessage. It seems clear from the naming (kbd) of the DeviceIntPtr parameter in those cases that above functions are intended to be called only for regular keyboard devices? Is this guaranteed? IIRC, these functions were always called with the VCK so that wouldn't cause any problems. We can't easily do that anymore, so the bail out if it's not a keyboard is the best approach. I'll amend the patch to fix the other occurances, but it'll take me a few days. If you get to it on the weekend, I'll be happy to review. Cheers, Peter Looks like you beat me to it with with the patch in your latest patch-set for 1.6. Please apply to main as well. Cheers, Magnus ___ xorg mailing list xorg@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/xorg
Re: xinput test crashes server when touchpad clicked
On Wednesday 26 November 2008, Peter Hutterer wrote:
On Wed, Nov 19, 2008 at 10:07:59PM +, Magnus Kessler wrote:
With the latest server and synaptics driver from git I can reliably
crash the server by starting
xinput test SynPS2/2 Synaptics Touchpad
and then clicking the any of the physical buttons or tapping the pad to
simulate a click.
How about this one?
From 87f5aa009d65e44f516bfc0168249ea29433b2b4 Mon Sep 17 00:00:00 2001
From: Peter Hutterer [EMAIL PROTECTED]
Date: Wed, 26 Nov 2008 12:20:00 +1000
Subject: [PATCH] xkb: don't attempt to filter events for devices without
key classes.
Reported by Magnus Kessler.
Signed-off-by: Peter Hutterer [EMAIL PROTECTED]
---
xkb/xkbEvents.c | 10 +-
1 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c
index 151849c..02565a4 100644
--- a/xkb/xkbEvents.c
+++ b/xkb/xkbEvents.c
@@ -819,7 +819,8 @@ XkbSrvInfoPtr xkbi;
pXDev = inputInfo.keyboard;
}
-xkbi= pXDev-key-xkbInfo;
+xkbi= (pXDev-key) ? pXDev-key-xkbInfo : NULL;
+
if ( pClient-xkbClientFlags _XkbClientInitialized ) {
if ((xkbDebugFlags0x10)
((xE[0].u.u.type==KeyPress)||(xE[0].u.u.type==KeyRelease)||
@@ -841,6 +842,10 @@ XkbSrvInfoPtrxkbi;
(_XkbIsReleaseEvent(xE[0].u.u.type)) ) {
return False;
}
+
+if (!xkbi)
+return True;
+
if ((pXDev-deviceGrab.grab != NullGrab)
pXDev-deviceGrab.fromPassiveGrab
((xE[0].u.u.type==KeyPress)||(xE[0].u.u.type==KeyRelease)||
@@ -884,6 +889,9 @@ XkbSrvInfoPtr xkbi;
else {
register CARD8 type;
+if (!xkbi)
+return True;
+
for (i=0;inEvents;i++) {
type= xE[i].u.u.type;
if ((xkbDebugFlags0x4)
Tested-by: Magnus Kessler [EMAIL PROTECTED]
That patch works fine for me. Thanks for fixing this.
However, I see that the same unchecked access to p-key-xkbInfo exists in
other functions in xkbEvents.c as well, notably XkbSendStateNotify and
XkbSendControlsNotify (where it might be guarded by the xkb_interest
field?), XkbSendMapNotify, XkbHandleBell and XkbSendActionMessage.
It seems clear from the naming (kbd) of the DeviceIntPtr parameter in
those cases that above functions are intended to be called only for regular
keyboard devices? Is this guaranteed?
Cheers,
Magnus
___
xorg mailing list
xorg@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/xorg
Re: xinput test crashes server when touchpad clicked
On Thu, Nov 27, 2008 at 11:49:58AM +, Magnus Kessler wrote: Tested-by: Magnus Kessler [EMAIL PROTECTED] That patch works fine for me. Thanks for fixing this. However, I see that the same unchecked access to p-key-xkbInfo exists in other functions in xkbEvents.c as well, notably XkbSendStateNotify and XkbSendControlsNotify (where it might be guarded by the xkb_interest field?), XkbSendMapNotify, XkbHandleBell and XkbSendActionMessage. It seems clear from the naming (kbd) of the DeviceIntPtr parameter in those cases that above functions are intended to be called only for regular keyboard devices? Is this guaranteed? IIRC, these functions were always called with the VCK so that wouldn't cause any problems. We can't easily do that anymore, so the bail out if it's not a keyboard is the best approach. I'll amend the patch to fix the other occurances, but it'll take me a few days. If you get to it on the weekend, I'll be happy to review. Cheers, Peter ___ xorg mailing list xorg@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/xorg
Re: xinput test crashes server when touchpad clicked
On Wed, Nov 19, 2008 at 10:07:59PM +, Magnus Kessler wrote:
With the latest server and synaptics driver from git I can reliably crash
the server by starting
xinput test SynPS2/2 Synaptics Touchpad
and then clicking the any of the physical buttons or tapping the pad to
simulate a click.
How about this one?
From 87f5aa009d65e44f516bfc0168249ea29433b2b4 Mon Sep 17 00:00:00 2001
From: Peter Hutterer [EMAIL PROTECTED]
Date: Wed, 26 Nov 2008 12:20:00 +1000
Subject: [PATCH] xkb: don't attempt to filter events for devices without key
classes.
Reported by Magnus Kessler.
Signed-off-by: Peter Hutterer [EMAIL PROTECTED]
---
xkb/xkbEvents.c | 10 +-
1 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c
index 151849c..02565a4 100644
--- a/xkb/xkbEvents.c
+++ b/xkb/xkbEvents.c
@@ -819,7 +819,8 @@ XkbSrvInfoPtr xkbi;
pXDev = inputInfo.keyboard;
}
-xkbi= pXDev-key-xkbInfo;
+xkbi= (pXDev-key) ? pXDev-key-xkbInfo : NULL;
+
if ( pClient-xkbClientFlags _XkbClientInitialized ) {
if ((xkbDebugFlags0x10)
((xE[0].u.u.type==KeyPress)||(xE[0].u.u.type==KeyRelease)||
@@ -841,6 +842,10 @@ XkbSrvInfoPtr xkbi;
(_XkbIsReleaseEvent(xE[0].u.u.type)) ) {
return False;
}
+
+if (!xkbi)
+return True;
+
if ((pXDev-deviceGrab.grab != NullGrab)
pXDev-deviceGrab.fromPassiveGrab
((xE[0].u.u.type==KeyPress)||(xE[0].u.u.type==KeyRelease)||
@@ -884,6 +889,9 @@ XkbSrvInfoPtr xkbi;
else {
register CARD8 type;
+if (!xkbi)
+return True;
+
for (i=0;inEvents;i++) {
type= xE[i].u.u.type;
if ((xkbDebugFlags0x4)
--
1.6.0.3
___
xorg mailing list
xorg@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/xorg
xinput test crashes server when touchpad clicked
With the latest server and synaptics driver from git I can reliably crash
the server by starting
xinput test SynPS2/2 Synaptics Touchpad
and then clicking the any of the physical buttons or tapping the pad to
simulate a click.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f808f66b6f0 (LWP 22831)]
XkbFilterEvents (pClient=0x46d2e80, nEvents=1, xE=0x45b5580) at
xkbEvents.c:822
/usr/src/debug/x11-base/xorg-server-/xorg-
server-/xkb/xkbEvents.c:822:23919:beg:0x554d35
(gdb) backtrace
#0 XkbFilterEvents (pClient=0x46d2e80, nEvents=1, xE=0x45b5580) at
xkbEvents.c:822
#1 0x004505ad in WriteEventsToClient (pClient=0x46d2e80, count=1,
events=0x45b5580) at events.c:5938
#2 0x004546c5 in TryClientEvents (client=0x46d2e80, dev=value
optimized out, pEvents=0x45b5580, count=1, mask=2540292784,
filter=41155024, grab=0x0) at events.c:1985
#3 0x0045532c in DeliverEventsToWindow (pDev=0x2ac7d40,
pWin=0x27b42f0, pEvents=0x45b5580, count=1, filter=4, grab=0x0, mskidx=2) at
events.c:2122
#4 0x00456f25 in DeliverDeviceEvents (pWin=0x27b42f0, xE=0x45b5580,
grab=0x0, stopAt=0x0, dev=0x2ac7d40, count=1) at events.c:2420
#5 0x00537ecd in ProcessOtherEvent (xE=0x45b5580, device=0x2ac7d40,
count=1) at exevents.c:1126
#6 0x005603cd in ProcessKeyboardEvent (xE=0x45b5580,
keybd=0x2ac7d40, count=1) at xkbPrKeyEv.c:208
#7 0x004cd11c in mieqProcessInputEvents () at mieq.c:378
#8 0x00490669 in ProcessInputEvents () at xf86Events.c:174
#9 0x0044ae21 in Dispatch () at dispatch.c:363
#10 0x00430f3d in main (argc=9, argv=0x7fff9769d128, envp=value
optimized out) at main.c:384
The server dies because of a null pointer in
Bool
XkbFilterEvents(ClientPtr pClient,int nEvents,xEvent *xE)
{
int i, button_mask;
DeviceIntPtr pXDev = inputInfo.keyboard;
XkbSrvInfoPtr xkbi;
if (xE-u.u.type EXTENSION_EVENT_BASE)
{
pXDev = XIGetDevice(xE);
if (!pXDev)
pXDev = inputInfo.keyboard;
}
xkbi= pXDev-key-xkbInfo;
^
| key is NULL on crash
Why would a touchpad be treated as a keyboard here?
Regards,
Magnus Kessler
signature.asc
Description: This is a digitally signed message part.
___
xorg mailing list
xorg@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/xorg
