Bug 19064 - FixUpEventFromWindow called with event with uninitialized u.u.type
Status: RESOLVED FIXED
Product: xorg
Classification: Unclassified
Component: Server/General
Version: git
Hardware: All All
Importance: medium normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
Reported: 2008-12-12 15:16 UTC by Pierre Willenbrock
Modified: 2008-12-14 17:26 UTC

Attachments
Setup u.u.type before trying to FixUpEventFromWindow (735 bytes, patch)
2008-12-12 15:16 UTC, Pierre Willenbrock

Description Pierre Willenbrock 2008-12-12 15:16:45 UTC
Created attachment 21108
Setup u.u.type before trying to FixUpEventFromWindow

DeviceEnterLeaveEvent calls FixUpEventFromWindow with a locally created xEvent with u.u.type unset. FixUpEventFromWindow checks if this member is GenericEvent or bails out. Valgrind did not complain about further problems in this context.
Comment 1 Peter Hutterer 2008-12-12 21:48:27 UTC
device enter/leave events aren't generic events, the patch should look more
like this:

From 1f2e3df2fa5e2235149196bc7f01b13ddbe668a5 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Sat, 13 Dec 2008 15:44:52 +1000
Subject: [PATCH] dix: Init DeviceEnterLeave event's type before FixUpEventFromWindow (#19064)

X.Org Bug 19064 <http://bugs.freedesktop.org/show_bug.cgi?id=19064>
---
 dix/events.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/dix/events.c b/dix/events.c
index e0a64fa..f763b86 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -4320,6 +4320,7 @@ DeviceEnterLeaveEvent(
     /* we don't have enough bytes, so we squash flags and mode into
        one byte, and use the last byte for the deviceid. */
     devEnterLeave           = (deviceEnterNotify*)&event;
+    devEnterLeave->type     = type;
     devEnterLeave->detail   = detail;
     devEnterLeave->time     = currentTime.milliseconds;
     devEnterLeave->rootX    = mouse->spriteInfo->sprite->hot.x;
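
Review bot: The added `devEnterLeave->type = type;` line carries an ordering requirement that nothing in the visible code records. Per the subject line it has to run before FixUpEventFromWindow, yet it now sits among ordinary field assignments, and its old position (removed in the next hunk) shows how easily it can end up after the call. Add a one-line comment above it saying that FixUpEventFromWindow reads the type and that it must be set first. The commit body also contains only the bug URL; one sentence stating that the type was read before it was written would make the log self-explanatory.
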
@@ -4328,7 +4329,6 @@ DeviceEnterLeaveEvent(
     sameScreen = event.u.keyButtonPointer.sameScreen;
 
     devEnterLeave->child    = child;
-    devEnterLeave->type     = type;
     devEnterLeave->deviceid = mouse->id;
     devEnterLeave->mode     = mode;
     devEnterLeave->mode    |= (sameScreen ?  (ELFlagSameScreen << 4) : 0);
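
Review bot: The context line `sameScreen = event.u.keyButtonPointer.sameScreen;` reads `event` through the xEvent union while the assignments around it write the same storage through the `deviceEnterNotify*` cast, so moving `type` fixes one read-before-write but leaves every other field dependent on being assigned by hand before its first use. Consider zero-initialising `event` where it is declared, so that any field read before its assignment, here or in a callee, has a defined value and the fix does not depend on statement order alone.
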
Comment 2 Peter Hutterer 2008-12-14 17:26:41 UTC
Pushed as 6383bc93b2ae76361a58653bc7e291df0d6ddfec. Thanks for the report.

