'[kwayland] /: [client] Fix nullptr dereference in ConfinedPointer and LockedPointer'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    [kwayland] /: [client] Fix nullptr dereference in ConfinedPointer and LockedPointer
From:       Martin_Gräßlin <mgraesslin () kde ! org>
Date:       2016-11-25 12:16:22
Message-ID: E1cAFQU-0005q3-7E () code ! kde ! org
[Download RAW message or body]

Git commit 4d0fa16741b372bdf262a55bc8e42525cf0f291b by Martin Gräßlin.
Committed on 25/11/2016 at 12:14.
Pushed by graesslin into branch 'master'.

[client] Fix nullptr dereference in ConfinedPointer and LockedPointer

The setRegion call allows a null region. This means nullptr is an
allowed value which can be passed to ConfinedPointer::setRegion and
LockedPointer::setRegion.

In that case we crash if we try to convert the Region into a wl_region.
Thus add proper nullptr check, just like in
PointerConstraints::lockPointer and ::confinePointer.

Auto test adjusted to cover the condition.

M  +10   -0    autotests/client/test_pointer_constraints.cpp
M  +10   -2    src/client/pointerconstraints.cpp

https://commits.kde.org/kwayland/4d0fa16741b372bdf262a55bc8e42525cf0f291b

diff --git a/autotests/client/test_pointer_constraints.cpp \
b/autotests/client/test_pointer_constraints.cpp index d2f2e75..5c7be6b 100644
--- a/autotests/client/test_pointer_constraints.cpp
+++ b/autotests/client/test_pointer_constraints.cpp
@@ -226,6 +226,11 @@ void TestPointerConstraints::testLockPointer()
     surface->commit(Surface::CommitFlag::None);
     QVERIFY(regionChangedSpy.wait());
     QCOMPARE(serverLockedPointer->region(), QRegion(0, 5, 10, 20));
+    // and unset region again
+    lockedPointer->setRegion(nullptr);
+    surface->commit(Surface::CommitFlag::None);
+    QVERIFY(regionChangedSpy.wait());
+    QCOMPARE(serverLockedPointer->region(), QRegion());
 
     // let's lock the surface
     QSignalSpy lockedChangedSpy(serverLockedPointer.data(), \
&LockedPointerInterface::lockedChanged); @@ -326,6 +331,11 @@ void \
TestPointerConstraints::testConfinePointer()  \
surface->commit(Surface::CommitFlag::None);  QVERIFY(regionChangedSpy.wait());
     QCOMPARE(serverConfinedPointer->region(), QRegion(0, 5, 10, 20));
+    // and unset region again
+    confinedPointer->setRegion(nullptr);
+    surface->commit(Surface::CommitFlag::None);
+    QVERIFY(regionChangedSpy.wait());
+    QCOMPARE(serverConfinedPointer->region(), QRegion());
 
     // let's confine the surface
     QSignalSpy confinedChangedSpy(serverConfinedPointer.data(), \
                &ConfinedPointerInterface::confinedChanged);
diff --git a/src/client/pointerconstraints.cpp b/src/client/pointerconstraints.cpp
index f1adc2b..2444df4 100644
--- a/src/client/pointerconstraints.cpp
+++ b/src/client/pointerconstraints.cpp
@@ -253,7 +253,11 @@ void LockedPointer::setCursorPositionHint(const QPointF \
&surfaceLocal)  void LockedPointer::setRegion(Region *region)
 {
     Q_ASSERT(isValid());
-    zwp_locked_pointer_v1_set_region(d->lockedpointer, *region);
+    wl_region *wr = nullptr;
+    if (region) {
+        wr = *region;
+    }
+    zwp_locked_pointer_v1_set_region(d->lockedpointer, wr);
 }
 
 class ConfinedPointer::Private
@@ -349,7 +353,11 @@ bool ConfinedPointer::isValid() const
 void ConfinedPointer::setRegion(Region *region)
 {
     Q_ASSERT(isValid());
-    zwp_confined_pointer_v1_set_region(d->confinedpointer, *region);
+    wl_region *wr = nullptr;
+    if (region) {
+        wr = *region;
+    }
+    zwp_confined_pointer_v1_set_region(d->confinedpointer, wr);
 }
 
 }


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic