If a touch is active during driver init, the slot will be set to SLOTSTATE_CLOSE when it finishes. That could decrease num_active_touches to less than 0, causing out-of-bounds access.
X.Org Bug 49439 <http://bugs.freedesktop.org/show_bug.cgi?id=49439> Signed-off-by: Peter Hutterer <peter.hutte...@who-t.net> --- src/synaptics.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/synaptics.c b/src/synaptics.c index e792977..d98ba71 100644 --- a/src/synaptics.c +++ b/src/synaptics.c @@ -2624,7 +2624,8 @@ UpdateTouchState(InputInfoPtr pInfo, struct SynapticsHwState *hw) priv->open_slots[j] = priv->open_slots[j + 1]; } - priv->num_active_touches--; + if (priv->num_active_touches > 0) + priv->num_active_touches--; } } -- 1.7.10.1 _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
