On Tue, 2011-09-13 at 19:31 +0800, Sam Spilsbury wrote: > Hi, > > I haven't contributed any patches to X11 before so excuse me if I'm > terribly in the wrong. > > I noticed that the server is not removing the SendEvent (0x80) bit in > ProcSendEvent in dix/events.c before doing range checks on the event > type. This would cause these range checks to return an invalid BadValue > error. > > I am not sure if this is *really* a bug in the server or a bug in > extension libraries (like libXext) who set the SendEvent bit before > converting the event to wire format, since ProcSendEvent sets the > SendEvent bit anyways just before it writes the event to the client. > > This at least fixed a case for me where sending synthetic ShapeNotify > events to clients resulted in a BadValue error. >
Alright, new patch attached. > Anyways, patch attached, > > Thanks, > > Sam > _______________________________________________ > [email protected]: X.Org development > Archives: http://lists.x.org/archives/xorg-devel > Info: http://lists.x.org/mailman/listinfo/xorg-devel
>From cf2cd8c03551c42d73a21ac5077904c8ec8ee4bd Mon Sep 17 00:00:00 2001 From: Sam Spilsbury <[email protected]> Date: Wed, 14 Sep 2011 09:58:34 +0800 Subject: [PATCH] Remove the SendEvent bit (0x80) before doing range checks on event type. Some extension libraries may set this bit before converting the event to wire protocol and as such range checking the event will cause an invalid BadValue error to result. As the documentation suggests the the bit should be "forced on", remove it before doing range checks and continue to force it on in the server. --- dix/events.c | 14 +++++++++++++- 1 files changed, 13 insertions(+), 1 deletions(-) diff --git a/dix/events.c b/dix/events.c index 8a4c6b9..9e58edb 100644 --- a/dix/events.c +++ b/dix/events.c @@ -5224,6 +5224,8 @@ CloseDownEvents(void) InputEventList = NULL; } +#define SEND_EVENT_BIT 0x80 + /** * Server-side protocol handling for SendEvent request. * @@ -5241,6 +5243,16 @@ ProcSendEvent(ClientPtr client) REQUEST_SIZE_MATCH(xSendEventReq); + /* libXext and other extension libraries may set the bit indicating + * that this event came from a SendEvent request so remove it + * since otherwise the event type may fail the range checks + * and cause an invalid BadValue error to be returned. + * + * This is safe to do since we later add the SendEvent bit (0x80) + * back in once we send the event to the client */ + + stuff->event.u.u.type &= ~(SEND_EVENT_BIT); + /* The client's event type must be a core event type or one defined by an extension. */ @@ -5298,7 +5310,7 @@ ProcSendEvent(ClientPtr client) client->errorValue = stuff->propagate; return BadValue; } - stuff->event.u.u.type |= 0x80; + stuff->event.u.u.type |= SEND_EVENT_BIT; if (stuff->propagate) { for (;pWin; pWin = pWin->parent) -- 1.7.5.4
_______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
