debian/patches/xi-dont-copy-too-much.patch

   1 commit 56929f41e6c4cc1b2d72a33d14b4d993e7b613a3
   2 Author: Peter Hutterer <peter.hutterer@who-t.net>
   3 Date:   Tue Apr 29 16:52:01 2014 +1000
   4
   5     Xi: don't copy a DeviceEvent into an InternalEvent
   6
   7     ==26141== Invalid read of size 8
   8     ==26141==    at 0x58FAEA: DeliverEmulatedMotionEvent (exevents.c:1484)
   9
  10     An InternalEvent is bigger than a DeviceEvent, thus copying one to the other
  11     reads past the allocated boundary. Shouldn't have any real effect since we
  12     shouldn't access anything past the DeviceEvent boundary if the event type is
  13     correct.
  14
  15     Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
  16
  17 --- a/Xi/exevents.c
  18 +++ b/Xi/exevents.c
  19 @@ -1469,7 +1469,7 @@ static void
  20  DeliverEmulatedMotionEvent(DeviceIntPtr dev, TouchPointInfoPtr ti,
  21                             InternalEvent *ev)
  22  {
  23 -    InternalEvent motion;
  24 +    DeviceEvent motion;
  25
  26      if (ti->num_listeners) {
  27          ClientPtr client;
  28 @@ -1481,11 +1481,11 @@ DeliverEmulatedMotionEvent(DeviceIntPtr
  29              ti->listeners[0].type != LISTENER_POINTER_GRAB)
  30              return;
  31
  32 -        motion = *ev;
  33 -        motion.any.type = ET_TouchUpdate;
  34 -        motion.device_event.detail.button = 0;
  35 +        motion = ev->device_event;
  36 +        motion.type = ET_TouchUpdate;
  37 +        motion.detail.button = 0;
  38
  39 -        if (!RetrieveTouchDeliveryData(dev, ti, &motion,
  40 +        if (!RetrieveTouchDeliveryData(dev, ti, (InternalEvent*)&motion,
  41                                         &ti->listeners[0], &client, &win, &grab,
  42                                         &mask))
  43              return;
  44 @@ -1500,18 +1500,18 @@ DeliverEmulatedMotionEvent(DeviceIntPtr
  45              }
  46          }
  47
  48 -        DeliverTouchEmulatedEvent(dev, ti, &motion, &ti->listeners[0], client,
  49 +        DeliverTouchEmulatedEvent(dev, ti, (InternalEvent*)&motion, &ti->listeners[0], client,
  50                                    win, grab, mask);
  51      }
  52      else {
  53          InternalEvent button;
  54          int converted;
  55
  56 -        converted = TouchConvertToPointerEvent(ev, &motion, &button);
  57 +        converted = TouchConvertToPointerEvent(ev, (InternalEvent*)&motion, &button);
  58
  59          BUG_WARN(converted == 0);
  60          if (converted)
  61 -            ProcessOtherEvent(&motion, dev);
  62 +            ProcessOtherEvent((InternalEvent*)&motion, dev);
  63      }
  64  }
  65