Fix crash when the first detected input device gets removed (rhbz#1381840)

This commit is contained in:
Hans de Goede 2016-10-05 15:59:38 +02:00
parent a820dd64bc
commit 7ef1303a3f
2 changed files with 92 additions and 1 deletions

View File

@ -0,0 +1,86 @@
From 38c5bc5e4974157131cda7647dde7b0f6ca6843e Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 5 Oct 2016 15:21:57 +0200
Subject: [PATCH xf86-input-libinput] Fix crash when using threaded input and
the first device goes away
When the xserver uses threaded input, it keeps a pointer to the InputInfo
passed into xf86AddEnabledDevice and calls pointer->read_input on events.
But when the first enabled device goes away the pInfo we've passed into
xf86AddEnabledDevice gets freed and eventually pInfo->read_input gets
overwritten (or pInfo points to unmapped memory) leading to a segfault.
This commit fixes this by replacing the pInfo passed into
xf86AddEnabledDevice with a pointer to a global InputInfo stored inside
the driver_context struct.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
src/xf86libinput.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/xf86libinput.c b/src/xf86libinput.c
index 21f87f5..485e212 100644
--- a/src/xf86libinput.c
+++ b/src/xf86libinput.c
@@ -86,6 +86,7 @@
struct xf86libinput_driver {
struct libinput *libinput;
+ struct _InputInfoRec InputInfo;
int device_enabled_count;
};
@@ -582,7 +583,17 @@ xf86libinput_on(DeviceIntPtr dev)
if (driver_context.device_enabled_count == 0) {
#if HAVE_THREADED_INPUT
- xf86AddEnabledDevice(pInfo);
+ /*
+ * The xserver keeps a pointer to the InputInfo passed into
+ * xf86AddEnabledDevice and calls pointer->read_input on
+ * events. Thus we cannot simply pass in our current pInfo
+ * as that will be deleted when the current input device gets
+ * unplugged. Instead pass in a pointer to a global
+ * InputInfo inside the driver_context.
+ */
+ driver_context.InputInfo.fd = pInfo->fd;
+ driver_context.InputInfo.read_input = pInfo->read_input;
+ xf86AddEnabledDevice(&driver_context.InputInfo);
#else
/* Can't use xf86AddEnabledDevice on an epollfd */
AddEnabledDevice(pInfo->fd);
@@ -606,7 +617,7 @@ xf86libinput_off(DeviceIntPtr dev)
if (--driver_context.device_enabled_count == 0) {
#if HAVE_THREADED_INPUT
- xf86RemoveEnabledDevice(pInfo);
+ xf86RemoveEnabledDevice(&driver_context.InputInfo);
#else
RemoveEnabledDevice(pInfo->fd);
#endif
@@ -1923,7 +1934,7 @@ out:
}
static void
-xf86libinput_read_input(InputInfoPtr pInfo)
+xf86libinput_read_input(InputInfoPtr do_not_use)
{
struct libinput *libinput = driver_context.libinput;
int rc;
@@ -1934,9 +1945,8 @@ xf86libinput_read_input(InputInfoPtr pInfo)
return;
if (rc < 0) {
- xf86IDrvMsg(pInfo, X_ERROR,
- "Error reading events: %s\n",
- strerror(-rc));
+ xf86Msg(X_ERROR, "Error reading libinput events: %s\n",
+ strerror(-rc));
return;
}
--
2.9.3

View File

@ -7,7 +7,7 @@
Summary: Xorg X11 libinput input driver
Name: xorg-x11-drv-libinput
Version: 0.19.1
Release: 2%{?gitrev}%{?dist}
Release: 3%{?gitrev}%{?dist}
URL: http://www.x.org
License: MIT
@ -16,6 +16,7 @@ Source0: %{tarball}-%{gitdate}.tar.xz
%else
Source0: ftp://ftp.x.org/pub/individual/driver/%{tarball}-%{version}.tar.bz2
%endif
Patch1: 0001-Fix-crash-when-using-threaded-input-and-the-first-de.patch
ExcludeArch: s390 s390x
@ -35,6 +36,7 @@ supporting all devices.
%prep
%setup -q -n %{tarball}-%{?gitdate:%{gitdate}}%{!?gitdate:%{dirsuffix}}
%patch1 -p1
%build
autoreconf --force -v --install || exit 1
@ -72,6 +74,9 @@ Xorg X11 libinput input driver development files.
%{_includedir}/xorg/libinput-properties.h
%changelog
* Thu Sep 29 2016 Hans de Goede <hdegoede@redhat.com> 0.19.1-3.20160929
- Fix crash when the first detected input device gets removed (rhbz#1381840)
* Thu Sep 29 2016 Hans de Goede <hdegoede@redhat.com> 0.19.1-2.20160929
- Update to latest git master for use with xserver-1.19
- Rebuild against xserver-1.19