diff options
| author | Lyude Paul <lyude@redhat.com> | 2020-07-14 18:32:39 -0400 |
|---|---|---|
| committer | Olivier Fourdan <ofourdan@redhat.com> | 2020-07-20 15:54:39 +0200 |
| commit | ccbcf083d5c676311aab77cc837a2539a7278a62 (patch) | |
| tree | ce5b8865c4252346822a9e788c8a749a5ab32974 /hw | |
| parent | cc36135595fad70ce81697d7c98eb8a26cec9a72 (diff) | |
xwayland: Store xwl_tablet_pad in its own private key
When a slave device causes the master virtual pointer device to change
device types, the device's private data pointer
(device->public.devicePrivate) is also changed to match the type of the
slave device. This can be a problem though, as tablet pad devices will
set the device's private data pointer to their own xwl_tablet_pad
struct. This can cause us to dereference the pointer as the wrong type,
and result in a segfault:
Thread 1 "Xwayland" received signal SIGSEGV, Segmentation fault.
wl_proxy_marshal (proxy=0x51, opcode=opcode@entry=0) at src/wayland-client.c:792
792 va_start(ap, opcode);
(gdb) bt
0 wl_proxy_marshal (proxy=0x51, opcode=opcode@entry=0) at
src/wayland-client.c:792
1 0x00005610b27b6c55 in wl_pointer_set_cursor (hotspot_y=0,
hotspot_x=0, surface=0x0, serial=<optimized out>, wl_pointer=<optimized
out>) at /usr/include/wayland-client-protocol.h:4610
2 xwl_seat_set_cursor (xwl_seat=xwl_seat@entry=0x5610b46d5d10) at
xwayland-cursor.c:137
3 0x00005610b27b6ecd in xwl_set_cursor (device=<optimized out>,
screen=<optimized out>, cursor=<optimized out>, x=<optimized out>,
y=<optimized out>) at xwayland-cursor.c:249
4 0x00005610b2800b46 in miPointerUpdateSprite (pDev=0x5610b4501a30) at
mipointer.c:468
5 miPointerUpdateSprite (pDev=0x5610b4501a30) at mipointer.c:410
6 0x00005610b2800e56 in miPointerDisplayCursor (pCursor=0x5610b4b35740,
pScreen=0x5610b3d54410, pDev=0x5610b4501a30) at mipointer.c:206
7 miPointerDisplayCursor (pDev=0x5610b4501a30, pScreen=0x5610b3d54410,
pCursor=0x5610b4b35740) at mipointer.c:194
8 0x00005610b27ed62b in CursorDisplayCursor (pDev=<optimized out>,
pScreen=0x5610b3d54410, pCursor=0x5610b4b35740) at cursor.c:168
9 0x00005610b28773ee in AnimCurDisplayCursor (pDev=0x5610b4501a30,
pScreen=0x5610b3d54410, pCursor=0x5610b4b35740) at animcur.c:197
10 0x00005610b28eb4ca in ChangeToCursor (pDev=0x5610b4501a30,
cursor=0x5610b4b35740) at events.c:938
11 0x00005610b28ec99f in WindowHasNewCursor
(pWin=pWin@entry=0x5610b4b2e0c0) at events.c:3362
12 0x00005610b291102d in ChangeWindowAttributes (pWin=0x5610b4b2e0c0,
vmask=<optimized out>, vlist=vlist@entry=0x5610b4c41dcc,
client=client@entry=0x5610b4b2c900) at window.c:1561
13 0x00005610b28db8e3 in ProcChangeWindowAttributes (client=0x5610b4b2c900)
at dispatch.c:746
14 0x00005610b28e1e5b in Dispatch () at dispatch.c:497
15 0x00005610b28e5f34 in dix_main (argc=16, argv=0x7ffc7a601b68,
envp=<optimized out>) at main.c:276
16 0x00007f8828cde042 in __libc_start_main (main=0x5610b27ae930 <main>,
argc=16, argv=0x7ffc7a601b68, init=<optimized out>, fini=<optimized
out>, rtld_fini=<optimized out>, stack_end=0x7ffc7a601b58) at
../csu/libc-start.c:308
17 0x00005610b27ae96e in _start () at cursor.c:1064
Simple reproducer in gnome-shell: open up an Xwayland window, press some
tablet buttons, lock and unlock the screen. Repeat if it doesn't crash
the first time.
So, let's fix this by registering our own device-specific private key
for storing a backpointer to xwl_tablet_pad, so that all input devices
have their private data pointers set to their respective xwl_seat.
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Lyude Paul <lyude@redhat.com>
(cherry picked from commit ba0e789b912671c724a21b3a30291247718bcf7d)
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/xwayland/xwayland-input.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/hw/xwayland/xwayland-input.c b/hw/xwayland/xwayland-input.c index c0916f87d..9b3b46ba7 100644 --- a/hw/xwayland/xwayland-input.c +++ b/hw/xwayland/xwayland-input.c @@ -48,6 +48,8 @@ struct sync_pending { DeviceIntPtr pending_dev; }; +static DevPrivateKeyRec xwl_tablet_private_key; + static void xwl_pointer_warp_emulator_handle_motion(struct xwl_pointer_warp_emulator *warp_emulator, double dx, @@ -2085,7 +2087,8 @@ static struct zwp_tablet_pad_group_v2_listener tablet_pad_group_listener = { static int xwl_tablet_pad_proc(DeviceIntPtr device, int what) { - struct xwl_tablet_pad *pad = device->public.devicePrivate; + struct xwl_tablet_pad *pad = dixGetPrivate(&device->devPrivates, + &xwl_tablet_private_key); /* Axis layout mirrors that of xf86-input-wacom to have better compatibility with existing clients */ #define NAXES 7 @@ -2209,7 +2212,7 @@ tablet_pad_done(void *data, pad->xdevice = add_device(pad->seat, "xwayland-pad", xwl_tablet_pad_proc); - pad->xdevice->public.devicePrivate = pad; + dixSetPrivate(&pad->xdevice->devPrivates, &xwl_tablet_private_key, pad); ActivateDevice(pad->xdevice, TRUE); EnableDevice(pad->xdevice, TRUE); } @@ -2924,6 +2927,11 @@ InitInput(int argc, char *argv[]) ScreenPtr pScreen = screenInfo.screens[0]; struct xwl_screen *xwl_screen = xwl_screen_get(pScreen); + if (!dixRegisterPrivateKey(&xwl_tablet_private_key, PRIVATE_DEVICE, 0)) { + ErrorF("Failed to register private key\n"); + return; + } + mieqInit(); xwl_screen->input_registry = wl_display_get_registry(xwl_screen->display); |