On Thu, Aug 31, 2017 at 10:23:00AM +0200, Olivier Fourdan wrote:
> Xwayland would crash in some circumstances while trying to issue a
> pointer locking when the cursor is hidden when there is no seat focus
> window set.
>
> The crash signature looks like:
>
> #0 zwp_pointer_constraints_v1_lock_pointer ()
> #1 xwl_pointer_warp_emulator_lock () at xwayland-input.c:2584
> #2 xwl_seat_maybe_lock_on_hidden_cursor () at xwayland-input.c:2756
> #3 xwl_seat_maybe_lock_on_hidden_cursor () at xwayland-input.c:2765
> #4 xwl_seat_cursor_visibility_changed () at xwayland-input.c:2768
> #5 xwl_set_cursor () at xwayland-cursor.c:245
> #6 miPointerUpdateSprite () at mipointer.c:468
> #7 miPointerDisplayCursor () at mipointer.c:206
> #8 CursorDisplayCursor () at cursor.c:150
> #9 AnimCurDisplayCursor () at animcur.c:220
> #10 ChangeToCursor () at events.c:936
> #11 ActivatePointerGrab () at events.c:1542
> #12 GrabDevice () at events.c:5120
> #13 ProcGrabPointer () at events.c:4908
> #14 Dispatch () at dispatch.c:478
> #15 dix_main () at main.c:276
>
> xwl_pointer_warp_emulator_lock() tries to use the surface from the
> xwl_seat->focus_window leading to a NULL pointer dereference when that
> value is NULL.
>
> Check that xwl_seat->focus_window is not NULL earlier in the stack in
> xwl_seat_maybe_lock_on_hidden_cursor() and return early if not the case
> to avoid the crash.
>
> Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=102474
> Signed-off-by: Olivier Fourdan <ofour...@redhat.com>

seems to make sense to me, pushed, thanks 3fbc3c3ee..cdd0352ba master -> master Cheers, Peter > --- > hw/xwayland/xwayland-input.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/hw/xwayland/xwayland-input.c b/hw/xwayland/xwayland-input.c > index 92e530d0d..acb467b91 100644 > --- a/hw/xwayland/xwayland-input.c > +++ b/hw/xwayland/xwayland-input.c > @@ -2749,6 +2749,9 @@ xwl_seat_maybe_lock_on_hidden_cursor(struct xwl_seat > *xwl_seat) > !xwl_seat->cursor_confinement_window) > return FALSE; > > + if (!xwl_seat->focus_window) > + return FALSE; > + > if (xwl_seat->confined_pointer) > xwl_seat_destroy_confined_pointer(xwl_seat); > > -- > 2.13.5 > > _______________________________________________ > wayland-devel mailing list > wayland-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/wayland-devel > _______________________________________________ wayland-devel mailing list wayland-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/wayland-devel
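
Review bot: In the @@ -2749 hunk of xwl_seat_maybe_lock_on_hidden_cursor(), the added `if (!xwl_seat->focus_window) return FALSE;` guards only this call path, while the commit message places the actual NULL dereference in xwl_pointer_warp_emulator_lock(), which still reads xwl_seat->focus_window unchecked. Consider adding the same check (or an assertion) inside xwl_pointer_warp_emulator_lock() so that any other caller is covered, and put a one-line comment above the new check saying that without a focus window there is no surface to lock the pointer on. Returning FALSE here also silently skips the lock, so it would help to state whether the lock is attempted again once a focus window is set while the cursor is still hidden.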