From 8dcd71b3951bdd105c5782fbb319b5456ca70db8 Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Thu, 4 May 2017 14:50:31 +1000 Subject: lid: remove the keyboard listener on remove and re-init the listener If the event listener is added, then removed again on a lid switch on/off event, the list is set to null. This can trigger two crashes: * when the keyboard is removed first, the call to libinput_device_remove_event_listener() dereferences the null pointer * when the switch is removed first, the call to device_destroy will find a remaining event listener and assert https://bugzilla.redhat.com/show_bug.cgi?id=1440927 Signed-off-by: Peter Hutterer --- src/evdev-lid.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/evdev-lid.c b/src/evdev-lid.c index a975e35..baf7185 100644 --- a/src/evdev-lid.c +++ b/src/evdev-lid.c @@ -99,6 +99,8 @@ lid_switch_toggle_keyboard_listener(struct lid_switch_dispatch *dispatch, } else { libinput_device_remove_event_listener( &dispatch->keyboard.listener); + libinput_device_init_event_listener( + &dispatch->keyboard.listener); } } @@ -173,6 +175,17 @@ evdev_read_switch_reliability_prop(struct evdev_device *device) return r; } +static void +lid_switch_remove(struct evdev_dispatch *evdev_dispatch) +{ + struct lid_switch_dispatch *dispatch = lid_dispatch(evdev_dispatch); + + if (!dispatch->keyboard.keyboard) + return; + + libinput_device_remove_event_listener(&dispatch->keyboard.listener); +} + static void lid_switch_destroy(struct evdev_dispatch *evdev_dispatch) { @@ -197,7 +210,9 @@ lid_switch_pair_keyboard(struct evdev_device *lid_switch, if (dispatch->keyboard.keyboard) { if (bus_kbd != BUS_I8042) return; + libinput_device_remove_event_listener(&dispatch->keyboard.listener); + libinput_device_init_event_listener(&dispatch->keyboard.listener); } dispatch->keyboard.keyboard = keyboard; @@ -225,7 +240,9 @@ lid_switch_interface_device_removed(struct evdev_device *device, if (removed_device == dispatch->keyboard.keyboard) { libinput_device_remove_event_listener( - &dispatch->keyboard.listener); + &dispatch->keyboard.listener); + libinput_device_init_event_listener( + &dispatch->keyboard.listener); dispatch->keyboard.keyboard = NULL; } } @@ -271,7 +288,7 @@ lid_switch_sync_initial_state(struct evdev_device *device, struct evdev_dispatch_interface lid_switch_interface = { lid_switch_process, NULL, /* suspend */ - NULL, /* remove */ + lid_switch_remove, lid_switch_destroy, lid_switch_interface_device_added, lid_switch_interface_device_removed, -- cgit v1.2.3