From: Pauli Nieminen <ext-pauli.niemi...@nokia.com>
Handler pointer is set to NULL when it was deleted while inside handler
calls. Too bad deletion loop tried to find first not NULL pointer which
incorrectly removed wrong handlers from the list.
That resulted to NULL pointer call when sending syntetic mouse events
with delay.
8 0x00000000 in ?? ()
9 0x00025d7c in WakeupHandler (result=0, pReadmask=0x1c4d48)
at ../../dix/dixutils.c:435
10 0x0005c9bc in WaitForSomething (pClientsReady=<value optimized out>)
Fixes: NB# 220574 - xorg crash with xtst
Signed-off-by: Pauli Nieminen <ext-pauli.niemi...@nokia.com>
---
dix/dixutils.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/dix/dixutils.c b/dix/dixutils.c
index 7db31ff..2b90d58 100644
--- a/dix/dixutils.c
+++ b/dix/dixutils.c
@@ -405,16 +405,16 @@ BlockHandler(pointer pTimeout, pointer pReadmask)
block.handlers[block.index].blockData, pTimeout, pReadmask);
if (block.deleted)
{
- for (i = 0; !block.handlers[i].BlockHandler; i++) {
+ for (i = 0; block.handlers[i].BlockHandler; i++) {
}
for (j = i + 1; j < block.num; j++) {
- if (block.handlers[j].BlockHandler)
+ if (!block.handlers[j].BlockHandler)
continue;
block.handlers[i] = block.handlers[j];
i++;
}
- block.num = i + 1;
+ block.num = i;
block.deleted = FALSE;
}
--block.inHandler;
@@ -440,16 +440,16 @@ WakeupHandler(int result, pointer pReadmask)
result, pReadmask);
if (wakeup.deleted)
{
- for (i = 0; !wakeup.handlers[i].WakeupHandler; i++) {
+ for (i = 0; wakeup.handlers[i].WakeupHandler; i++) {
}
for (j = i + 1; j < wakeup.num; j++) {
- if (wakeup.handlers[j].WakeupHandler)
+ if (!wakeup.handlers[j].WakeupHandler)
continue;
wakeup.handlers[i] = wakeup.handlers[j];
i++;
}
- wakeup.num = i + 1;
+ wakeup.num = i;
wakeup.deleted = FALSE;
}
--wakeup.inHandler;
--
1.7.0.4
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
