From 7347f39f94d8cebbf73ce1a2f94d1abdaf7ff383 Mon Sep 17 00:00:00 2001 From: Maarten Lankhorst Date: Tue, 9 Apr 2013 11:19:07 +0200 Subject: Xi: Do not handle ET_TouchOwnership in ProcessTouchEvent The event struct is different, causing memory corruption on 1.13 and 1.14, as can be witnessed in https://bugs.freedesktop.org/show_bug.cgi?id=56578 Signed-off-by: Maarten Lankhorst Reviewed-by: Peter Hutterer Signed-off-by: Peter Hutterer --- Xi/exevents.c | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) (limited to 'Xi') diff --git a/Xi/exevents.c b/Xi/exevents.c index 6779139b5..576f0fe42 100644 --- a/Xi/exevents.c +++ b/Xi/exevents.c @@ -1223,9 +1223,16 @@ TouchRejected(DeviceIntPtr sourcedev, TouchPointInfoPtr ti, XID resource, * touchpoint if it is pending finish. */ static void -ProcessTouchOwnershipEvent(DeviceIntPtr dev, TouchPointInfoPtr ti, - TouchOwnershipEvent *ev) +ProcessTouchOwnershipEvent(TouchOwnershipEvent *ev, + DeviceIntPtr dev) { + TouchPointInfoPtr ti = TouchFindByClientID(dev, ev->touchid); + + if (!ti) { + DebugF("[Xi] %s: Failed to get event %d for touchpoint %d\n", + dev->name, ev->type, ev->touchid); + return; + } if (ev->reason == XIRejectTouch) TouchRejected(dev, ti, ev->resource, ev); @@ -1538,10 +1545,7 @@ ProcessTouchEvent(InternalEvent *ev, DeviceIntPtr dev) if (!t) return; - if (ev->any.type == ET_TouchOwnership) - touchid = ev->touch_ownership_event.touchid; - else - touchid = ev->device_event.touchid; + touchid = ev->device_event.touchid; if (type == ET_TouchBegin) { ti = TouchBeginTouch(dev, ev->device_event.sourceid, touchid, @@ -1614,19 +1618,13 @@ ProcessTouchEvent(InternalEvent *ev, DeviceIntPtr dev) (type != ET_TouchEnd && ti->sprite.spriteTraceGood == 0)) return; - /* TouchOwnership events are handled separately from the rest, as they - * have more complex semantics. */ - if (ev->any.type == ET_TouchOwnership) - ProcessTouchOwnershipEvent(dev, ti, &ev->touch_ownership_event); - else { - TouchCopyValuatorData(&ev->device_event, ti); - /* WARNING: the event type may change to TouchUpdate in - * DeliverTouchEvents if a TouchEnd was delivered to a grabbing - * owner */ - DeliverTouchEvents(dev, ti, (InternalEvent *) ev, 0); - if (ev->any.type == ET_TouchEnd) - TouchEndTouch(dev, ti); - } + TouchCopyValuatorData(&ev->device_event, ti); + /* WARNING: the event type may change to TouchUpdate in + * DeliverTouchEvents if a TouchEnd was delivered to a grabbing + * owner */ + DeliverTouchEvents(dev, ti, (InternalEvent *) ev, 0); + if (ev->any.type == ET_TouchEnd) + TouchEndTouch(dev, ti); if (emulate_pointer) UpdateDeviceState(dev, &ev->device_event); @@ -1820,10 +1818,14 @@ ProcessOtherEvent(InternalEvent *ev, DeviceIntPtr device) break; case ET_TouchBegin: case ET_TouchUpdate: - case ET_TouchOwnership: case ET_TouchEnd: ProcessTouchEvent(ev, device); break; + case ET_TouchOwnership: + /* TouchOwnership events are handled separately from the rest, as they + * have more complex semantics. */ + ProcessTouchOwnershipEvent(&ev->touch_ownership_event, device); + break; case ET_BarrierHit: case ET_BarrierLeave: ProcessBarrierEvent(ev, device); -- cgit v1.2.3