Bug 92736

Summary: Weston crash when touch->focus null
Product: Wayland
Reporter: Guanghua Tan <starxforever>
Component: weston
Assignee: Wayland bug list <wayland-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: critical    
Priority: medium    
Version: unspecified   
Hardware: ARM   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: Fix grap_touch_down

Description Guanghua Tan 2015-10-30 12:43:17 UTC
We met an issue when upgrading weston from 1.8.0 to 1.9.0.

Some touchscreens will generate coordinates out of screen.

For example, a touch screen registers max_axis_x as N, but sometimes it raises an axis_x value bigger than N because of some calculation issues. This event will cause weston to crash.

Limiting the input_event inside the touchscreen driver will avoid this issue. But in my opinion, fault tolerance is needed inside weston.

Reviewing the change history of weston 1.9.0, maybe this issue is caused by the following commit:
    
author	Giulio Camuffo <giuliocamuffo@gmail.com>	2015-07-08 08:55:28 (GMT)
committer	Daniel Stone <daniels@collabora.com>	2015-08-06 15:21:01 (GMT)
commit	61ed7b6bf06895b6e0ac8e3c5fff12e491449fd9 (patch)
tree	d8f6e0861a0ca847edd51452d6f493821eddc729
parent	7239d74bb3d43c46c958079e7c8f759371599455 (diff)
input: pass the global touch coordinates to the touch grab

Comment 1 Guanghua Tan 2015-11-02 04:20:53 UTC
Created attachment 119331
Fix grap_touch_down

Check touch->focus before calling "weston_view_from_global_fixed".

Comment 2 Guanghua Tan 2015-11-02 04:21:54 UTC
After debugging into the weston code, I find this crash issue is really caused by the following commit:

   input: pass the global touch coordinates to the touch grab

In this commit, a call to "weston_view_from_global_fixed" is added, but with no check of touch->focus.

Weston will crash when touch->focus is null.

It does have the null check on touch->focus before the call to "wl_touch_send_down".

This crash only happens in "default_grab_touch_down()".

So I solved it as the attached patch file shows.

Comment 3 Bryce Harrington 2016-02-02 18:38:54 UTC
Thanks Guanghua, good find.  Looks like we were checking the pointer in the function, but only after it was used.

I've pushed a slightly modified version of your patch to trunk.  Thanks again!

commit 2c40d1d30eabe46706822a8b5c94579aeba58e84
Author:     Bryce Harrington <bryce@bryceharrington.org>
AuthorDate: Tue Feb 2 10:18:48 2016 -0800
Commit:     Bryce Harrington <bryce@bryceharrington.org>
CommitDate: Tue Feb 2 10:36:44 2016 -0800

    input: Fix crash when touchscreen generates out of screen coordinate
    
    With change 61ed7b6b, global touch coordinates are being passed to the
    touch grab.  However, touch->grab is undefined in certain circumstances
    such as when the touch screen raises an axis X value larger than the
    maximum expected.  Move the check for this condition earlier, before our
    first use of the pointer.
    
    Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=92736
    
    Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
    Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
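
A simplified model of the ordering fix discussed in this report, added here as an example; it is not Weston's code or the attached patch. The names `view`, `touch`, `pick_view`, `view_from_global` and `touch_down` are hypothetical stand-ins, and the model assumes focus is chosen by picking the view under the touch point, so an out-of-screen coordinate leaves it NULL.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for illustration; these are not Weston's types. */
struct view { int x, y, w, h; };            /* global position and size */
struct touch { const struct view *focus; }; /* NULL: no view under the touch */

/* Constructed scene: a single 600x400 view placed at global (100, 40). */
static const struct view scene[] = { { 100, 40, 600, 400 } };

/* Return the view containing global point (gx, gy), or NULL if none does. */
static const struct view *pick_view(int gx, int gy)
{
    for (size_t i = 0; i < sizeof scene / sizeof scene[0]; i++) {
        const struct view *v = &scene[i];
        if (gx >= v->x && gx < v->x + v->w && gy >= v->y && gy < v->y + v->h)
            return v;
    }
    return NULL;
}

/* Global-to-view conversion; dereferences v unconditionally. */
static void view_from_global(const struct view *v, int gx, int gy, int *sx, int *sy)
{
    *sx = gx - v->x;
    *sy = gy - v->y;
}

/* Touch-down handler with the focus check placed before the first use.
 * Returns 1 if the event was delivered, 0 if it was dropped. */
static int touch_down(struct touch *t, int gx, int gy, int *sx, int *sy)
{
    t->focus = pick_view(gx, gy);
    if (!t->focus)      /* out-of-screen coordinate: nothing has focus */
        return 0;
    view_from_global(t->focus, gx, gy, sx, sy);
    return 1;
}

int main(void)
{
    struct touch t = { NULL };
    int sx = 0, sy = 0;
    int in = touch_down(&t, 150, 60, &sx, &sy);     /* inside the view */
    printf("in-range: delivered=%d local=(%d,%d)\n", in, sx, sy);
    int out = touch_down(&t, 900, 60, &sx, &sy);    /* beyond the right edge */
    printf("out-of-range: delivered=%d\n", out);
    return 0;
}
```

Placing the conversion call above the `if (!t->focus)` line reproduces the ordering the report describes, where the pointer is used before it is checked.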
