On Mon, Feb 13, 2012 at 04:00:47PM -0800, Chase Douglas wrote: > When copying the touch class, the VCP has its own touches array. The > length of this array must be kept alongside the array itself or we get > memory corruption. > > Signed-off-by: Chase Douglas <[email protected]> > --- > Xi/exevents.c | 9 ++++++--- > 1 files changed, 6 insertions(+), 3 deletions(-) > > diff --git a/Xi/exevents.c b/Xi/exevents.c > index 671c051..51f991c 100644 > --- a/Xi/exevents.c > +++ b/Xi/exevents.c > @@ -671,7 +671,8 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to) > > if (from->touch) > { > - TouchPointInfoPtr tmp; > + TouchPointInfoPtr to_touches_array_tmp; > + int to_num_touches_tmp; > if (!to->touch) > { > classes = to->unused_classes; > @@ -692,9 +693,11 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr > to) > } else > classes->touch = NULL; > } > - tmp = to->touch->touches; > + to_touches_array_tmp = to->touch->touches; > + to_num_touches_tmp = to->touch->num_touches; > memcpy(to->touch, from->touch, sizeof(TouchClassRec)); > - to->touch->touches = tmp; > + to->touch->touches = to_touches_array_tmp; > + to->touch->num_touches = to_num_touches_tmp; > to->touch->sourceid = from->id; > } else if (to->touch) > { > -- > 1.7.9
quite frankly, I think copying the fields separately instead of a memcpy and then overwrite-back is the better idea here. with a rather simple test-case, we can also ensure that this doesn't break when the class changes. Cheers, Peter _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
