[xf86-input-libinput] Ignore LED updates for disabled devices

Submitted by Peter Hutterer on Dec. 20, 2016, 10:09 a.m.

Details

Message ID 20161220100943.GA6160@jelly
State Accepted
Series "Ignore LED updates for disabled devices" ( rev: 1 ) in X.org


Commit Message

Peter Hutterer Dec. 20, 2016, 10:09 a.m.
If an XKB AccessX timeout is set and a VT switch is triggered, the
AccessXTimeoutExpire function may be called after the device has already been
disabled. This can cause a null-pointer dereference as our shared libinput
device may have been released by then.

In the legacy drivers this would've simply caused a write to an invalid fd
(-1), not a crash. Here we need to be more careful.

https://bugs.freedesktop.org/show_bug.cgi?id=98464

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 src/xf86libinput.c | 3 +++
 1 file changed, 3 insertions(+)

Patch

diff --git a/src/xf86libinput.c b/src/xf86libinput.c
index b130a77..fd38c3b 100644
--- a/src/xf86libinput.c
+++ b/src/xf86libinput.c
@@ -785,6 +785,9 @@  xf86libinput_kbd_ctrl(DeviceIntPtr device, KeybdCtrl *ctrl)
     struct xf86libinput *driver_data = pInfo->private;
     struct libinput_device *ldevice = driver_data->shared_device->device;
 
+    if (!device->enabled)
+	    return;
+
     while (bits[i].xbit) {
 	    if (ctrl->leds & bits[i].xbit)
 		    leds |= bits[i].code;
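
Review bot: The new `device->enabled` check sits after the initializer `struct libinput_device *ldevice = driver_data->shared_device->device;`, so `driver_data->shared_device` is still dereferenced on the disabled-device path before the early return. If the released state described in the commit message can leave `shared_device` itself NULL, and not only its `device` member, the guard comes too late. Consider declaring `ldevice` without an initializer and assigning it after the check, or stating in the commit message that only `shared_device->device` is cleared on disable.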

Comments

Hi,

On 20-12-16 11:09, Peter Hutterer wrote:
> If an XKB AccessX timeout is set and a VT switch is triggered, the
> AccessXTimeoutExpire function may be called after the device has already been
> disabled. This can cause a null-pointer dereference as our shared libinput
> device may have been released by then.
>
> In the legacy drivers this would've simply caused a write to an invalid fd
> (-1), not a crash. Here we need to be more careful.
>
> https://bugs.freedesktop.org/show_bug.cgi?id=98464
>
> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

Patch LGTM:

Reviewed-by: Hans de Goede <hdegoede@redhat.com>

Regards,

Hans



> ---
>  src/xf86libinput.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/src/xf86libinput.c b/src/xf86libinput.c
> index b130a77..fd38c3b 100644
> --- a/src/xf86libinput.c
> +++ b/src/xf86libinput.c
> @@ -785,6 +785,9 @@ xf86libinput_kbd_ctrl(DeviceIntPtr device, KeybdCtrl *ctrl)
>      struct xf86libinput *driver_data = pInfo->private;
>      struct libinput_device *ldevice = driver_data->shared_device->device;
>
> +    if (!device->enabled)
> +	    return;
> +
>      while (bits[i].xbit) {
>  	    if (ctrl->leds & bits[i].xbit)
>  		    leds |= bits[i].code;
>
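
Review bot: The early return at `if (!device->enabled)` has no comment, and nothing visible in the function explains why a keyboard control callback can arrive for a disabled device. A short comment above the check naming the late AccessX timeout after a VT switch, with the bug URL from the commit message, would keep the guard from being dropped as dead code in a later cleanup. It is also worth stating whether the LED state in `ctrl->leds` that is discarded here gets reapplied when the device is enabled again.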