[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freedesktop-xorg
Subject:    [xf86-input-evdev][PATCH] links to event nodes
From:       "Christian Aistleitner" <kpdh2t () gmx ! net>
Date:       2007-02-28 23:19:47
Message-ID: op.tohe29s427bul7 () spencer ! aistleitner ! info
[Download RAW message or body]

Hello,

I use xf86-input-evdev 1.1.5.

If there is some (symbolic) link
/dev/input/eventX
pointing towards
/dev/input/eventY
and the xorg config file uses the device described by either of these two  
files, the result is a segfault at startup of the xorg server.
I know it's rather evil to have such a link in /dev/input in first place.

Within the funciton EvdevCorePreInit of src/evdev.ce, evdevNewDriver is  
called. This (among other things) calls evdevScanDevice for
/dev/input/eventX
and also for the device of
/dev/input/eventY
. The first of these two calls succeed. In the second call, the message  
DEVICE_ON is sent to the device->pInfo->dev via device->callback. But as  
device->pInfo->dev has not yet been initialized, it is still NULL.
When calling the callback, the first line of EvdevProc of src/evdev.c  
tries to evaluate
device->public.devicePrivate
, where device now resolves to NULL as described above. Hence a segfault.

The attached patch adds a sanity check to the message handling function  
EvdevProc of src/evdev.c and resolves the problem.

Kind regards,
Christian
["fix_dev_links.diff" (fix_dev_links.diff)]

diff -Naur src/evdev.c src2/evdev.c
--- src/evdev.c	2006-11-02 02:42:14.000000000 +0100
+++ src/evdev.c	2007-02-28 23:12:08.000000000 +0100
@@ -139,6 +139,9 @@
 static int
 EvdevProc(DeviceIntPtr device, int what)
 {
+    if (!device)
+	return BadRequest;
+
     InputInfoPtr pInfo = device->public.devicePrivate;
     evdevDevicePtr pEvdev = pInfo->private;
 


[prev in list] [next in list] [prev in thread] [next in thread]