GPE unconditionally dereferences pDev->valuator if a mask is present. This shouldn't really happen but if it does, don't crash, just ignore the events with an error.
Signed-off-by: Peter Hutterer <[email protected]> --- dix/getevents.c | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) diff --git a/dix/getevents.c b/dix/getevents.c index a1d5e52..1208453 100644 --- a/dix/getevents.c +++ b/dix/getevents.c @@ -1066,6 +1066,11 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type, switch (type) { case MotionNotify: + if (!pDev->valuator) + { + ErrorF("[dix] motion events from device %d without valuators\n", pDev->id); + return 0; + } if (!mask_in || valuator_mask_num_valuators(mask_in) <= 0) return 0; break; @@ -1073,6 +1078,11 @@ fill_pointer_events(InternalEvent *events, DeviceIntPtr pDev, int type, case ButtonRelease: if (!pDev->button || !buttons) return 0; + if (mask_in && valuator_mask_size(mask_in) > 0 && !pDev->valuator) + { + ErrorF("[dix] button event with valuator from device %d without valuators\n", pDev->id); + return 0; + } break; default: return 0; -- 1.7.6 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
