Commit 0a074463 authored by Olivier Fourdan, committed by Olivier Fourdan

xwayland: Avoid a crash on pointer enter with a grab

On pointer enter notification, Xwayland checks for an existing pointer
warp with a `NULL` sprite.

In turn, `xwl_pointer_warp_emulator_maybe_lock()` checks for an existing
grab and the destination window using `XYToWindow()` which does not
check for the actual sprite not being `NULL`.

So, in some cases, when the pointer enters the surface and there is an
existing X11 grab which is not an ownerEvents grab, Xwayland would crash
trying to dereference the `NULL` sprite pointer:

  #0  __GI_raise ()
  #1  __GI_abort () at abort.c:79
  #2  OsAbort () at utils.c:1351
  #3  AbortServer () at log.c:879
  #4  FatalError () at log.c:1017
  #5  OsSigHandler () at osinit.c:156
  #6  OsSigHandler () at osinit.c:110
  #7  <signal handler called>
  #8  XYToWindow (pSprite=0x0, x=0, y=0) at events.c:2880
  #9  xwl_pointer_warp_emulator_maybe_lock () at xwayland-input.c:2673
  #10 pointer_handle_enter () at xwayland-input.c:434

Avoid the crash by simply checking for the sprite being not `NULL` in
`xwl_pointer_warp_emulator_maybe_lock()`.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Bugzilla: https://bugzilla.redhat.com/1708119
parent 965eda94
......@@ -2661,6 +2661,7 @@ xwl_pointer_warp_emulator_maybe_lock(struct xwl_pointer_warp_emulator *warp_emul
*/
if (pointer_grab &&
!pointer_grab->ownerEvents &&
sprite &&
XYToWindow(sprite, x, y) != xwl_seat->focus_window->window)
return;
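Review bot: Placing `sprite &&` inside this condition means a NULL sprite makes the whole test false, so the early `return` is skipped and execution continues past this check even though a non-ownerEvents grab is active. If that fall-through is intended, the comment above the condition should say so; if not, a separate early return on a NULL sprite before this test would make the behaviour explicit. The same expression also dereferences `xwl_seat->focus_window->window` with no NULL check visible in this hunk, which is worth confirming for the pointer-enter path shown in the backtrace.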