Button events may be sent with no valuators (e.g. to simply indicate ButtonPress or ButtonRelease without any coordinates); when this happens the server would read uninitialized memory.
==9999== Conditional jump or move depends on uninitialised value(s)
==9999==    at 0x48E87E8: pixman_f_transform_point (in /usr/lib/libpixman-1.so.0.18.2)
==9999==  Uninitialised value was created by a stack allocation
==9999==    at 0x37524: GetPointerEvents (getevents.c:1074)
==9999==
==9999== Conditional jump or move depends on uninitialised value(s)
==9999==    at 0x496D074: lround (s_lround.c:40)
==9999==    by 0x3773B: GetPointerEvents (getevents.c:1048)
==9999==    by 0x683BB: xf86PostButtonEventP (xf86Xinput.c:1162)
==9999==    by 0x6853B: xf86PostButtonEvent (xf86Xinput.c:1126)
==9999==    by 0x5779037: process_state (multitouch.c:321) (xf86-input-mtev)
==9999==    by 0x577908F: read_input (multitouch.c:331)) (xf86-input-mtev)
==9999==    by 0x66B4F: xf86SigioReadInput (xf86Events.c:298)
==9999==    by 0x112697: xf86SIGIO (sigio.c:118)
==9999==    by 0x4A12B2F: ??? (sigrestorer.S:51)
==9999==  Uninitialised value was created by a stack allocation
==9999==    at 0x37524: GetPointerEvents (getevents.c:1074)

Signed-off-by: Oliver McFadden <[email protected]>
---
I'm not sure anyone actually cares about this patch anymore, since this code has changed completely due to the valuator rework. If someone wants to apply it to the 1.9.2(.xxx) branches, then please be my guest.

 dix/getevents.c | 18 ++++++++++--------
 1 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/dix/getevents.c b/dix/getevents.c
index e5134d3..f1e5514 100644
--- a/dix/getevents.c
+++ b/dix/getevents.c
@@ -1034,19 +1034,21 @@ FreeEventList(EventListPtr list, int num_events) } static void -transformAbsolute(DeviceIntPtr dev, int v[MAX_VALUATORS]) +transformAbsolute(DeviceIntPtr dev, int first, int num, int *valuators) { - struct pixman_f_vector p; + struct pixman_f_vector p = { .v = {0.0, 0.0, 1.0} }; /* p' = M * p in homogeneous coordinates */ - p.v[0] = v[0]; - p.v[1] = v[1]; - p.v[2] = 1.0; + if (num >= 1 && first == 0) + p.v[0] = *(valuators + 0); + + if (first <= 1 && num >= (2 - first)) + p.v[1] = *(valuators + 1 - first); pixman_f_transform_point(&dev->transform, &p); - v[0] = lround(p.v[0]); - v[1] = lround(p.v[1]); + valuators[0] = lround(p.v[0]); + valuators[1] = lround(p.v[1]); } /** @@ -1124,7 +1126,7 @@ GetPointerEvents(EventList *events, DeviceIntPtr pDev, int type, int buttons, scr->height); } - transformAbsolute(pDev, valuators); + transformAbsolute(pDev, first_valuator, num_valuators, valuators); moveAbsolute(pDev, &x, &y, first_valuator, num_valuators, valuators); } else { if (flags & POINTER_ACCELERATE) { -- 1.7.1.245.g7c42e _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
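Review bot: in the first hunk (transformAbsolute), the write-back at the end stores to valuators[0] and valuators[1] unconditionally, while the reads above it treat the array as relative to first and bounded by num. With num == 0 the stores land on slots the caller never supplied, and with first == 1 the slot valuators[0] holds y on input (it is read through valuators + 1 - first) but receives the transformed x on output. Suggest mirroring the read conditions on the stores: write x only when num >= 1 && first == 0, and write y to valuators[1 - first] only when first <= 1 && num >= (2 - first). Separately, the initializer { .v = {0.0, 0.0, 1.0} } means a missing axis is transformed as 0.0, so a dev->transform with off-diagonal terms mixes that zero into the axis that was supplied; a comment stating why 0.0 is an acceptable stand-in would help the next reader.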
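Review bot: in the second hunk (the GetPointerEvents call site), transformAbsolute(pDev, first_valuator, num_valuators, valuators) is still called when num_valuators is 0, which is the button-only case the commit message describes, so the callee transforms a synthetic (0, 0, 1) point and rounds the result back into the array. Suggest guarding the call with if (num_valuators > 0), or returning early inside transformAbsolute when num is 0, so events without valuators skip the transform and leave the array untouched before moveAbsolute runs.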
