-
Xwayland would crash in some circumstances while trying to issue a pointer locking when the cursor is hidden when there is no seat focus window set. The crash signature looks like: #0 zwp_pointer_constraints_v1_lock_pointer () #1 xwl_pointer_warp_emulator_lock () at xwayland-input.c:2584 #2 xwl_seat_maybe_lock_on_hidden_cursor () at xwayland-input.c:2756 #3 xwl_seat_maybe_lock_on_hidden_cursor () at xwayland-input.c:2765 #4 xwl_seat_cursor_visibility_changed () at xwayland-input.c:2768 #5 xwl_set_cursor () at xwayland-cursor.c:245 #6 miPointerUpdateSprite () at mipointer.c:468 #7 miPointerDisplayCursor () at mipointer.c:206 #8 CursorDisplayCursor () at cursor.c:150 #9 AnimCurDisplayCursor () at animcur.c:220 #10 ChangeToCursor () at events.c:936 #11 ActivatePointerGrab () at events.c:1542 #12 GrabDevice () at events.c:5120 #13 ProcGrabPointer () at events.c:4908 #14 Dispatch () at dispatch.c:478 #15 dix_main () at main.c:276 xwl_pointer_warp_emulator_lock() tries to use the surface from the xwl_seat->focus_window leading to a NULL pointer dereference when that value is NULL. Check that xwl_seat->focus_window is not NULL earlier in the stack in xwl_seat_maybe_lock_on_hidden_cursor() and return early if not the case to avoid the crash. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=102474 Signed-off-by:
Olivier Fourdan <ofourdan@redhat.com> Acked-by:
Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by:
cdd0352b
