On 08/29/2012 11:54 PM, Peter Hutterer wrote:
When disabling the device, reset num_active_touches to zero. Otherwise,
num_active_touches stays at the value it was on DeviceOff(). Future touches
add to that value until the index may go past priv->open_slots[].
That causes spurious memory corruption on touch ends.

And as of 55fc42e7c9b4948cadd4f98ef7b6a3b12e268e3e we ignore pre-existing
touches anyway.

Test-case:
- place num_touches fingers on the touchpad
- xinput disable <device>
- lift fingers
- xinput enable <device>
- place finger on device, num_active_touches is now (num_touches + 1)

X.Org Bug 52496 <http://bugs.freedesktop.org/show_bug.cgi?id=52496>

Signed-off-by: Peter Hutterer <[email protected]>
---
  src/synaptics.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/src/synaptics.c b/src/synaptics.c
index 27a37d7..0472197 100644
--- a/src/synaptics.c
+++ b/src/synaptics.c
@@ -977,6 +977,7 @@ SynapticsReset(SynapticsPrivate * priv)
      priv->lastButtons = 0;
      priv->prev_z = 0;
      priv->prevFingers = 0;
+    priv->num_active_touches = 0;
      memset(priv->open_slots, 0, priv->num_slots * sizeof(int));
  }
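Review bot: The new reset in SynapticsReset() has no comment tying it to the memset of priv->open_slots on the next line, even though the counter is used as the index into that array in UpdateTouchState(). A one-line comment saying the two must be cleared together would make the invariant obvious to the next person who touches either field. The commit message talks about disabling the device, but the hunk does not show who calls SynapticsReset(), so it is worth confirming that the disable path actually reaches this function.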

@@ -2611,6 +2612,7 @@ UpdateTouchState(InputInfoPtr pInfo, struct 
SynapticsHwState *hw)
          if (hw->slot_state[i] == SLOTSTATE_OPEN) {
              priv->open_slots[priv->num_active_touches] = i;
              priv->num_active_touches++;
+            BUG_WARN(priv->num_active_touches > priv->num_slots);
          }
          else if (hw->slot_state[i] == SLOTSTATE_CLOSE) {
              Bool found = FALSE;
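Review bot: The BUG_WARN in the SLOTSTATE_OPEN branch runs after the store "priv->open_slots[priv->num_active_touches] = i;" and the increment, so when the counter is already equal to priv->num_slots the write past the end of the array has happened by the time the warning fires. The memset in SynapticsReset() treats open_slots as holding num_slots entries, so index num_slots is already out of bounds. Consider testing "priv->num_active_touches >= priv->num_slots" before the store and skipping the assignment and increment in that case, so that the check prevents the corruption instead of only reporting it.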


Ugh, I thought we caught all of these...

Reviewed-by: Chase Douglas <[email protected]>
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
