author | Peter Hutterer <peter.hutterer@who-t.net> | 2016-08-09 17:35:58 +1000 |
---|---|---|
committer | Peter Hutterer <peter.hutterer@who-t.net> | 2016-08-11 11:41:51 +1000 |
commit | 2df2815d6ae0c2ffb9e0a084d61ee3585f5116df (patch) | |
tree | ba319bb9c842a83f07852e641625105da63e9e21 /os | |
parent | a446ff84de2dd29439521f6e87d75bde3bbf002c (diff) |
os: append, rather than prepend, any new input thread fds

xf86AddEnabledDevice() prepends the new fd to the list,
xf86RemoveEnabledDevice() then searches for a matching fd and removes that
entry. If this is done for the same fd (and since we lose all information but
the actual fd) we usually unregister virtual devices in reverse order, causing
a dereference of already released memory.

Case in point:
- the wacom driver calls xf86AddEnabledDevice() once for the physical device,
  then multiple times for the virtual subdevices
- when the physical device is unplugged, the driver calls
  xf86RemoveEnabledDevice() for the physical device
- all we have is the fd, so we end up removing the last virtual device from
  the fd set
- xf86DeleteInput() frees the physical device's pInfo
- the fd goes crazy with ENODEV, but a read_input() now passes the already
  freed pInfo for the physical device
- boom

Fix this by appending to the fd list to provide bug-for-bug compatibility with
the old SIGIO code. This needs to be fixed in the driver, but meanwhile not
crashing the server provides for better user experience.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>

Diffstat (limited to 'os')
-rw-r--r-- | os/inputthread.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/os/inputthread.c b/os/inputthread.c index e815319f7..cb3af0661 100644 --- a/os/inputthread.c +++ b/os/inputthread.c @@ -205,7 +205,7 @@ InputThreadRegisterDev(int fd, dev->state = device_state_added; input_lock(); - xorg_list_add(&dev->node, &inputThreadInfo->devs); + xorg_list_append(&dev->node, &inputThreadInfo->devs); inputThreadInfo->changed = TRUE; |
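
Review bot: At the xorg_list_append() call in InputThreadRegisterDev(), the order of inputThreadInfo->devs becomes load-bearing, but nothing in the code records that. Per the commit message, removal searches for a matching fd and has no other information, so when a driver registers the same fd several times, which entry gets removed depends on insertion order. A later cleanup that switches this back to xorg_list_add() would silently reintroduce the dereference of freed memory. Suggest a comment directly above the call stating that entries must be appended because unregistration matches on the fd alone, and that this is a compatibility workaround until drivers stop registering one fd for several devices. It would also be worth tracking a follow-up so the unregister path can match on more than the fd, which would remove the ordering dependency altogether.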