rpms/xorg-x11-server/devel xserver-1.5.2-more-sanity-checks.patch, NONE, 1.1 xorg-x11-server.spec, 1.374, 1.375

[Peter Hutterer]

Author: whot

Update of /cvs/pkgs/rpms/xorg-x11-server/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5754

Modified Files:
	xorg-x11-server.spec 
Added Files:
	xserver-1.5.2-more-sanity-checks.patch 
Log Message:
* Mon Oct 27 2008 Peter Hutterer <peter.hutterer at redhat.com> 1.5.2-9
- xserver-1.5.2-more-sanity-checks.patch: more sanity checks to stop vmmouse
  from segfaulting the server. #434807




xserver-1.5.2-more-sanity-checks.patch:

--- NEW FILE xserver-1.5.2-more-sanity-checks.patch ---
>From 30c077f228f563e4e1f4115b345577d9fd393b68 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer at redhat.com>
Date: Fri, 24 Oct 2008 15:06:49 +1030
Subject: [PATCH] dix: extra sanity-checks against potential NULL-dereferences. #434807

Two minor code paths could potentially crash the server:
- if scr is NULL, we shouldn't try to dereference it.
- if GPE is called with buttons != 0 but the event is not a
  ButtonPress or ButtonRelease, the button mapping may dereference a NULL
  pointer.

Admittedly the second should never happen, but better to guard against it.
---
 dix/getevents.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/dix/getevents.c b/dix/getevents.c
index 1e0edbf..923744d 100644
--- a/dix/getevents.c
+++ b/dix/getevents.c
@@ -537,6 +537,9 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
     ScreenPtr scr = miPointerGetScreen(pDev);
 
     /* Sanity checks. */
+    if (!scr)
+        return 0;
+
     if (type != MotionNotify && type != ButtonPress && type != ButtonRelease)
         return 0;
 
@@ -548,6 +551,9 @@ GetPointerEvents(xEvent *events, DeviceIntPtr pDev, int type, int buttons,
     if (!pDev->valuator)
         return 0;
 
+    if (buttons && !pDev->button)
+        return 0;
+
     if (!coreOnly && pDev->coreEvents)
         num_events = 2;
     else
-- 
1.6.0.3



Index: xorg-x11-server.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xorg-x11-server/devel/xorg-x11-server.spec,v
retrieving revision 1.374
retrieving revision 1.375
diff -u -r1.374 -r1.375
--- xorg-x11-server.spec	22 Oct 2008 06:12:03 -0000	1.374
+++ xorg-x11-server.spec	27 Oct 2008 00:56:04 -0000	1.375
@@ -19,7 +19,7 @@
 Summary:   X.Org X11 X server
 Name:      xorg-x11-server
 Version:   1.5.2
-Release:   8%{?dist}
+Release:   9%{?dist}
 URL:       http://www.x.org
 License:   MIT
 Group:     User Interface/X
@@ -95,6 +95,9 @@
 # exa performance fix
 Patch6011: xserver-1.5.2-exa-sync-less.patch
 
+# Bug 434807
+Patch6012: xserver-1.5.2-more-sanity-checks.patch
+
 %define moduledir	%{_libdir}/xorg/modules
 %define drimoduledir	%{_libdir}/dri
 %define sdkdir		%{_includedir}/xorg
@@ -525,6 +528,10 @@
 
 
 %changelog
+* Mon Oct 27 2008 Peter Hutterer <peter.hutterer at redhat.com> 1.5.2-9
+- xserver-1.5.2-more-sanity-checks.patch: more sanity checks to stop vmmouse
+  from segfaulting the server. #434807
+
 * Wed Oct 22 2008 Peter Hutterer <peter.hutterer at redhat.com>
 - Update xserver-1.5.2-disable-kbd-mouse.patch: add line to xorg.conf man-page
   stating that devices are disabled if AEI is on.