An empty list points to itself but syncEvents has the list head only and is
of a different format than the elements. Thus, casting it to a QdEventPtr
gives us garbage.

Segfaults with XTS test case Xlib13/XGrabKeyboard

Introduced in 7af23259d88f4c28ed21140f82cc03b3724c06bb.

Reported-by: Aaron Plattner <[email protected]>
Signed-off-by: Peter Hutterer <[email protected]>
---
 dix/events.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/dix/events.c b/dix/events.c
index 48cf7a2..d802903 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -1116,13 +1116,14 @@ NoticeEventTime(InternalEvent *ev)
 void
 EnqueueEvent(InternalEvent *ev, DeviceIntPtr device)
 {
-    QdEventPtr tail;
+    QdEventPtr tail = NULL;
     QdEventPtr qe;
     SpritePtr  pSprite = device->spriteInfo->sprite;
     int                eventlen;
     DeviceEvent *event = &ev->device_event;
 
-    tail = list_last_entry(&syncEvents.pending, QdEventRec, next);
+    if (!list_is_empty(&syncEvents.pending))
+        tail = list_last_entry(&syncEvents.pending, QdEventRec, next);
 
     NoticeTime((InternalEvent*)event);
 
-- 
1.7.7.1
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel

Reply via email to