diff options
| author | Peter Hutterer <peter.hutterer@who-t.net> | 2012-09-28 11:49:29 +1000 |
|---|---|---|
| committer | Peter Hutterer <peter.hutterer@who-t.net> | 2012-10-08 11:19:33 +1000 |
| commit | f5fad30822ecd4d9767fd8078221910fbf038811 (patch) | |
| tree | 55c72ffb794551e7c90514bb0f50dfb6c887553f | |
| parent | aacfc321b44eae15020875a2b2c9b6ff0e14dd8c (diff) | |
dix: fix crash on XI 1.x grabs on disabled devices. (#54934)
If the device is disabled, the sprite window is NULL and dereferencing
crashes the server.
This is only triggered for XI 1.x grabs (ProcXGrabDevice) as XI2 grabs would
trigger another code path, creating a sprite for the disabled device as if
detaching it (which is wrong and fixed with this patch too).
Grabbing a disabled device doesn't make sense as it won't send events
anyway. However, the protocol specs do not prohibit it, so we need to keep
it working.
Luckily, oldWin is only used for focus out events, which aren't necessary
given that the device is disabled.
X.Org Bug 54934 <http://bugs.freedesktop.org/show_bug.cgi?id=54934>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@ubuntu.com>
(cherry picked from commit 9d6b8365702e4648e793fea21ad22f7174558680)
| -rw-r--r-- | dix/events.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/dix/events.c b/dix/events.c index 3b40446bc..c0e330b85 100644 --- a/dix/events.c +++ b/dix/events.c @@ -1555,11 +1555,13 @@ ActivateKeyboardGrab(DeviceIntPtr keybd, GrabPtr grab, TimeStamp time, WindowPtr oldWin; /* slave devices need to float for the duration of the grab. */ - if (grab->grabtype == XI2 && + if (grab->grabtype == XI2 && keybd->enabled && !(passive & ImplicitGrabMask) && !IsMaster(keybd)) DetachFromMaster(keybd); - if (grabinfo->grab) + if (!keybd->enabled) + oldWin = NULL; + else if (grabinfo->grab) oldWin = grabinfo->grab->window; else if (keybd->focus) oldWin = keybd->focus->win; @@ -1569,7 +1571,8 @@ ActivateKeyboardGrab(DeviceIntPtr keybd, GrabPtr grab, TimeStamp time, oldWin = keybd->focus->win; if (keybd->valuator) keybd->valuator->motionHintWindow = NullWindow; - DoFocusEvents(keybd, oldWin, grab->window, NotifyGrab); + if (oldWin) + DoFocusEvents(keybd, oldWin, grab->window, NotifyGrab); if (syncEvents.playingEvents) grabinfo->grabTime = syncEvents.time; else |