During the InitInput() phase, the wayland events get dequeued so we can possibly end up calling dispatch_pointer_motion_event().
If this occurs before xwl_seat->focus_window is set, it leads to a NULL pointer derefence and a segfault. Check for xwl_seat->focus_window in both pointer_handle_frame() and relative_pointer_handle_relative_motion() prior to calling dispatch_pointer_motion_event() like it's done in pointer_handle_motion(). Bugzilla: https://bugzilla.redhat.com/1410804 Signed-off-by: Olivier Fourdan <[email protected]> --- hw/xwayland/xwayland-input.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/xwayland/xwayland-input.c b/hw/xwayland/xwayland-input.c index 8435da0..9c1581f 100644 --- a/hw/xwayland/xwayland-input.c +++ b/hw/xwayland/xwayland-input.c @@ -510,6 +510,9 @@ pointer_handle_frame(void *data, struct wl_pointer *wl_pointer) { struct xwl_seat *xwl_seat = data; + if (!xwl_seat->focus_window) + return; + dispatch_pointer_motion_event(xwl_seat); } @@ -560,6 +563,9 @@ relative_pointer_handle_relative_motion(void *data, xwl_seat->pending_pointer_event.dx_unaccel = wl_fixed_to_double(dx_unaccelf); xwl_seat->pending_pointer_event.dy_unaccel = wl_fixed_to_double(dy_unaccelf); + if (!xwl_seat->focus_window) + return; + if (wl_proxy_get_version((struct wl_proxy *) xwl_seat->wl_pointer) < 5) dispatch_pointer_motion_event(xwl_seat); } -- 2.9.3 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
