PtrCtrl really makes sense for relative pointing devices only; absolute devices such as touch devices do not have any PtrCtrl set.
In some cases, if the client issues an XGetPointerControl() immediately after a ChangeMasterDeviceClasses() copied the touch device to the VCP, a NULL pointer dereference will occur leading to a crash of Xwayland.

Check whether the PtrCtrl is not NULL in ProcGetPointerControl() and return the default control values otherwise, to avoid the NULL pointer dereference.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519533
Signed-off-by: Olivier Fourdan <ofour...@redhat.com>
--- dix/devices.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/dix/devices.c b/dix/devices.c index ea3c6c8a9..4a628afb0 100644 --- a/dix/devices.c +++ b/dix/devices.c @@ -2329,10 +2329,15 @@ int ProcGetPointerControl(ClientPtr client) { DeviceIntPtr ptr = PickPointer(client); - PtrCtrl *ctrl = &ptr->ptrfeed->ctrl; + PtrCtrl *ctrl; xGetPointerControlReply rep; int rc; + if (ptr->ptrfeed) + ctrl = &ptr->ptrfeed->ctrl; + else + ctrl = &defaultPointerControl; + REQUEST_SIZE_MATCH(xReq); rc = XaceHook(XACE_DEVICE_ACCESS, client, ptr, DixGetAttrAccess); -- 2.14.3
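
Review bot: The new `if (ptr->ptrfeed)` / `else` branch at the top of ProcGetPointerControl() has no comment saying when `ptr->ptrfeed` can be NULL, so the fallback to `&defaultPointerControl` looks arbitrary to a later reader. A one-line comment above it, along the lines of the commit message (absolute devices such as touch devices have no PtrCtrl, and the VCP can end up without one after ChangeMasterDeviceClasses() copies such a device), would document the invariant. The commit message also describes the check as being on PtrCtrl, while the code tests `ptr->ptrfeed`; naming the field actually tested would keep the message and the code in step. The client now receives the default control values in the reply with no indication that the device has no pointer feedback; if that is the intended contract, it is worth stating in the same comment.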