From 2ee85d954c8f3a6affbd9b1b745594ff12e8b670 Mon Sep 17 00:00:00 2001 From: Scott James Remnant Date: Tue, 14 Jun 2011 16:36:07 -0700 Subject: dix: avoid calling deleted block and wakeup handlers BlockHandler and WakeupHandlers may be removed within a different BlockHandler or WakeupHandler, especially since config/udev uses these and removes devices. Calling the deleted handlers and passing potentially freed data can result in the X server segfaulting after device removal, or events that result in device removal such as undocking or suspend/ resume. Signed-off-by: Scott James Remnant Reviewed-by: Daniel Stone Signed-off-by: Peter Hutterer --- dix/dixutils.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/dix/dixutils.c b/dix/dixutils.c index 104363b72..1e3134663 100644 --- a/dix/dixutils.c +++ b/dix/dixutils.c @@ -386,8 +386,9 @@ BlockHandler(pointer pTimeout, pointer pReadmask) screenInfo.screens[i]->blockData, pTimeout, pReadmask); for (i = 0; i < numHandlers; i++) - (*handlers[i].BlockHandler) (handlers[i].blockData, - pTimeout, pReadmask); + if (!handlers[i].deleted) + (*handlers[i].BlockHandler) (handlers[i].blockData, + pTimeout, pReadmask); if (handlerDeleted) { for (i = 0; i < numHandlers;) @@ -416,8 +417,9 @@ WakeupHandler(int result, pointer pReadmask) ++inHandler; for (i = numHandlers - 1; i >= 0; i--) - (*handlers[i].WakeupHandler) (handlers[i].blockData, - result, pReadmask); + if (!handlers[i].deleted) + (*handlers[i].WakeupHandler) (handlers[i].blockData, + result, pReadmask); for (i = 0; i < screenInfo.numScreens; i++) (* screenInfo.screens[i]->WakeupHandler)(i, screenInfo.screens[i]->wakeupData, -- cgit v1.2.3