If an XKB AccessX timeout is set and a VT switch is triggered, the AccessXTimeoutExpire function may be called after the device has already been disabled. This can cause a null-pointer dereference as our shared libinput device may have been released by then.
In the legacy drivers this would've simply caused a write to an invalid fd (-1), not a crash. Here we need to be more careful. https://bugs.freedesktop.org/show_bug.cgi?id=98464 Signed-off-by: Peter Hutterer <[email protected]> --- src/xf86libinput.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/xf86libinput.c b/src/xf86libinput.c index b130a77..fd38c3b 100644 --- a/src/xf86libinput.c +++ b/src/xf86libinput.c @@ -785,6 +785,9 @@ xf86libinput_kbd_ctrl(DeviceIntPtr device, KeybdCtrl *ctrl) struct xf86libinput *driver_data = pInfo->private; struct libinput_device *ldevice = driver_data->shared_device->device; + if (!device->enabled) + return; + while (bits[i].xbit) { if (ctrl->leds & bits[i].xbit) leds |= bits[i].code; -- 2.9.3 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
