An empty list points to itself but syncEvents has the list head only and is of a different format than the elements. Thus, casting it to a QdEventPtr gives us garbage.
Segfaults with XTS test case Xlib13/XGrabKeyboard Introduced in 7af23259d88f4c28ed21140f82cc03b3724c06bb. Reported-by: Aaron Plattner <[email protected]> Signed-off-by: Peter Hutterer <[email protected]> --- dix/events.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/dix/events.c b/dix/events.c index 48cf7a2..d802903 100644 --- a/dix/events.c +++ b/dix/events.c @@ -1116,13 +1116,14 @@ NoticeEventTime(InternalEvent *ev) void EnqueueEvent(InternalEvent *ev, DeviceIntPtr device) { - QdEventPtr tail; + QdEventPtr tail = NULL; QdEventPtr qe; SpritePtr pSprite = device->spriteInfo->sprite; int eventlen; DeviceEvent *event = &ev->device_event; - tail = list_last_entry(&syncEvents.pending, QdEventRec, next); + if (!list_is_empty(&syncEvents.pending)) + tail = list_last_entry(&syncEvents.pending, QdEventRec, next); NoticeTime((InternalEvent*)event); -- 1.7.7.1 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
