Using client->clientAsMask as resource for implicit passive grabs causes resource conflict with client-allocated resources. Freeing the passive grab frees all resources with that ID, so arbitrary resources can get freed while still in use. This causes random crashes.
Signed-off-by: Peter Hutterer <[email protected]> --- Keith reminded me that FakeClientID() will re-use IDs already freed, so the dance with special IDs isn't necessary. Hidden bonus: this was my first attempt of this patch anyway and I've had 3 days without a crash with this patch. dix/events.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dix/events.c b/dix/events.c index 39350bc..81e3e01 100644 --- a/dix/events.c +++ b/dix/events.c @@ -1983,7 +1983,7 @@ ActivateImplicitGrab(DeviceIntPtr dev, ClientPtr client, WindowPtr win, return FALSE; tempGrab->next = NULL; tempGrab->device = dev; - tempGrab->resource = client->clientAsMask; + tempGrab->resource = FakeClientID(client->index); tempGrab->window = win; tempGrab->ownerEvents = (deliveryMask & OwnerGrabButtonMask) ? TRUE : FALSE; tempGrab->eventMask = deliveryMask; -- 1.7.11.7 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
