acpid 2.0.17 introduced two new video ACPI events:
- video/tabletmode TBLT off
- video/tabletmode TBLT on

Xorg segfaults when receiving these events as the current code in lnxACPIGetEventFromOs() expects the event to be of the form "video/* <str> <ulong> <ulong>". When receiving one of the new events, the last strtok() returns NULL instead of a pointer to the next substring and strtoul() is called on that NULL pointer, resulting in a segfault.

This patch checks each return value of strtok() to be !NULL and immediately returns 0 if a NULL occurs.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=55329
Signed-off-by: Evgeni Golov <[email protected]>
--- hw/xfree86/os-support/linux/lnx_acpi.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hw/xfree86/os-support/linux/lnx_acpi.c b/hw/xfree86/os-support/linux/lnx_acpi.c index d98efa2..5b82ca5 100644 --- a/hw/xfree86/os-support/linux/lnx_acpi.c +++ b/hw/xfree86/os-support/linux/lnx_acpi.c @@ -81,19 +81,27 @@ lnxACPIGetEventFromOs(int fd, pmEvent * events, int num) unsigned long int notify_l, data_l; video = strtok(ev, " "); + if (!video) + return 0; GFX = strtok(NULL, " "); + if (!GFX) + return 0; #if 0 ErrorF("GFX: %s\n", GFX); #endif notify = strtok(NULL, " "); + if (!notify) + return 0; notify_l = strtoul(notify, NULL, 16); #if 0 ErrorF("notify: 0x%lx\n", notify_l); #endif data = strtok(NULL, " "); + if (!data) + return 0; data_l = strtoul(data, NULL, 16); #if 0 ErrorF("data: 0x%lx\n", data_l); -- 1.7.10.4
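Review bot: each of the four new `return 0;` paths in lnxACPIGetEventFromOs() drops the event without any diagnostic, and the only logging nearby is compiled out under `#if 0`, so the next change in acpid's event format will again be invisible until something misbehaves. Consider logging the short event once at a low verbosity before returning, or at least adding a comment above the first check saying that events with fewer than four space-separated fields (the tabletmode ones from the commit message) are ignored on purpose. Separately, at `notify_l = strtoul(notify, NULL, 16);` and `data_l = strtoul(data, NULL, 16);` the end pointer is still NULL, so a token that is present but not hex (for the new events, "off" or "on" lands in the notify slot) is converted to 0 rather than rejected; that is harmless here because the missing data field triggers the return right after, but passing an end pointer and checking it would make the parser reject malformed four-field events as well.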
