From 9d6b8365702e4648e793fea21ad22f7174558680 Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Fri, 28 Sep 2012 11:49:29 +1000 Subject: [PATCH] dix: fix crash on XI 1.x grabs on disabled devices. (#54934) If the device is disabled, the sprite window is NULL and dereferencing crashes the server. This is only triggered for XI 1.x grabs (ProcXGrabDevice) as XI2 grabs would trigger another code path, creating a sprite for the disabled device as if detaching it (which is wrong and fixed with this patch too). Grabbing a disabled device doesn't make sense as it won't send events anyway. However, the protocol specs do not prohibit it, so we need to keep it working. Luckily, oldWin is only used for focus out events, which aren't necessary given that the device is disabled. X.Org Bug 54934 Signed-off-by: Peter Hutterer Reviewed-by: Chase Douglas --- dix/events.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/dix/events.c b/dix/events.c index 3b40446..c0e330b 100644 --- a/dix/events.c +++ b/dix/events.c @@ -1555,11 +1555,13 @@ ActivateKeyboardGrab(DeviceIntPtr keybd, GrabPtr grab, TimeStamp time, WindowPtr oldWin; /* slave devices need to float for the duration of the grab. */ - if (grab->grabtype == XI2 && + if (grab->grabtype == XI2 && keybd->enabled && !(passive & ImplicitGrabMask) && !IsMaster(keybd)) DetachFromMaster(keybd); - if (grabinfo->grab) + if (!keybd->enabled) + oldWin = NULL; + else if (grabinfo->grab) oldWin = grabinfo->grab->window; else if (keybd->focus) oldWin = keybd->focus->win; @@ -1569,7 +1571,8 @@ ActivateKeyboardGrab(DeviceIntPtr keybd, GrabPtr grab, TimeStamp time, oldWin = keybd->focus->win; if (keybd->valuator) keybd->valuator->motionHintWindow = NullWindow; - DoFocusEvents(keybd, oldWin, grab->window, NotifyGrab); + if (oldWin) + DoFocusEvents(keybd, oldWin, grab->window, NotifyGrab); if (syncEvents.playingEvents) grabinfo->grabTime = syncEvents.time; else -- 1.7.11.7