These devices are used as placeholders for devices in passive grabs and replaced with the real device once the grab activates. The current static allocation means they don't have devPrivates allocated. If SELinux is enabled and a client registers a passive grab on XIAll(Master)Devices, this causes a null-pointer dereference of obj in SELinuxDevice().
X.Org Bug 50641 <http://bugs.freedesktop.org/show_bug.cgi?id=50641> Signed-off-by: Peter Hutterer <peter.hutte...@who-t.net> --- This fixes the crash, the devices we used for passive grabs were special when they dont need to be (anymore). Creating them normally means we get a devPrivate and the crash goes away. That's only one half of the problem though, afaict we still activate grabs on devices that may be restricted. You'll also need the list.h patch I just sent out http://patchwork.freedesktop.org/patch/11050/ Xi/extinit.c | 16 ---------------- dix/devices.c | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/Xi/extinit.c b/Xi/extinit.c index 94f46f7..5a691f8 100644 --- a/Xi/extinit.c +++ b/Xi/extinit.c @@ -185,9 +185,6 @@ static struct dev_type { CARD8 event_base[numInputClasses]; XExtEventInfo EventInfo[32]; -static DeviceIntRec xi_all_devices; -static DeviceIntRec xi_all_master_devices; - /** * Dispatch vector. Functions defined in here will be called when the matching * request arrives. @@ -1137,9 +1134,6 @@ IResetProc(ExtensionEntry * unused) EventSwapVector[DevicePresenceNotify] = NotImplemented; EventSwapVector[DevicePropertyNotify] = NotImplemented; RestoreExtensionEvents(); - - free(xi_all_devices.name); - free(xi_all_master_devices.name); } /*********************************************************************** @@ -1298,16 +1292,6 @@ XInputExtensionInit(void) GERegisterExtension(IReqCode, XI2EventSwap); - memset(&xi_all_devices, 0, sizeof(xi_all_devices)); - memset(&xi_all_master_devices, 0, sizeof(xi_all_master_devices)); - xi_all_devices.id = XIAllDevices; - xi_all_devices.name = strdup("XIAllDevices"); - xi_all_master_devices.id = XIAllMasterDevices; - xi_all_master_devices.name = strdup("XIAllMasterDevices"); - - inputInfo.all_devices = &xi_all_devices; - inputInfo.all_master_devices = &xi_all_master_devices; - XIResetProperties(); } else { diff --git a/dix/devices.c b/dix/devices.c index 08875bc..b1e1079 100644 --- a/dix/devices.c +++ b/dix/devices.c @@ -675,6 +675,20 @@ CorePointerProc(DeviceIntPtr pDev, int what) void InitCoreDevices(void) { + inputInfo.all_devices = AddInputDevice(serverClient, NULL, TRUE); + inputInfo.all_master_devices = AddInputDevice(serverClient, NULL, TRUE); + + if (!inputInfo.all_devices || !inputInfo.all_master_devices) + FatalError("Failed to allocate XIAllDevices/XIAllMasterDevices"); + + inputInfo.all_devices->id = XIAllDevices; + inputInfo.all_master_devices->id = XIAllMasterDevices; + + nt_list_del(inputInfo.all_devices, inputInfo.devices, DeviceIntRec, next); + nt_list_del(inputInfo.all_devices, inputInfo.off_devices, DeviceIntRec, next); + nt_list_del(inputInfo.all_master_devices, inputInfo.devices, DeviceIntRec, next); + nt_list_del(inputInfo.all_master_devices, inputInfo.off_devices, DeviceIntRec, next); + if (AllocDevicePair(serverClient, "Virtual core", &inputInfo.pointer, &inputInfo.keyboard, CorePointerProc, CoreKeyboardProc, TRUE) != Success) @@ -1021,6 +1035,9 @@ CloseDownDevices(void) CloseDevice(inputInfo.keyboard); + CloseDevice(inputInfo.all_devices); + CloseDevice(inputInfo.all_master_devices); + inputInfo.devices = NULL; inputInfo.off_devices = NULL; inputInfo.keyboard = NULL; -- 1.7.10.4 _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
