diff options
| author | Peter Hutterer <peter.hutterer@who-t.net> | 2010-04-14 17:43:22 +1000 |
|---|---|---|
| committer | Peter Hutterer <peter.hutterer@who-t.net> | 2010-04-21 09:31:00 +1000 |
| commit | e8fae02f19d6d75ac3edbea2f5af8d250dcfbde3 (patch) | |
| tree | 278b3303f112015707530bc236b1a743783330fa | |
| parent | aa6a18fdebf444084c27e4a7f3eef7d93f9929b0 (diff) | |
dix: Fix crash in DeliverGrabbedEvents.
If both devices are synchronously grabbed, first with a GrabPointer, then
with a GrabKeyboard (GrabModeSync on both), sync.other of each device points
to the grab of the respective other device.
If the keyboard is then thawed through a AllowSome request, the VCK's
sync.other is reset to NULL. Subsequently, an event on the VCP would crash
the server when dereferencing sync.other on the VCP.
The check's purpose is to compare if the other device is grabbed by the same
client, which should be checked by accessing (dev->deviceGrab->grab->resource).
A check of the server-1.3 sources confirms that.
XTS test case: Xlib13 XAllowEvents 20.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
(cherry picked from commit 9ddbb03fa56aa73c3f417d8ee6433e45b94445b3)
| -rw-r--r-- | dix/events.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/dix/events.c b/dix/events.c index 311c6b609..44c4624c0 100644 --- a/dix/events.c +++ b/dix/events.c @@ -3980,7 +3980,7 @@ DeliverGrabbedEvent(InternalEvent *event, DeviceIntPtr thisDev, FreezeThaw(dev, TRUE); if ((dev->deviceGrab.sync.state == FREEZE_BOTH_NEXT_EVENT) && (CLIENT_BITS(grab->resource) == - CLIENT_BITS(dev->deviceGrab.sync.other->resource))) + CLIENT_BITS(dev->deviceGrab.grab->resource))) dev->deviceGrab.sync.state = FROZEN_NO_EVENT; else dev->deviceGrab.sync.other = grab; |