A call to miPointerUpdateSprite for the XTEST keyboard may result in a NULL pointer dereference in miDCPutUpCursor() when the save buffer is NULL.
XTS test case: Xlib 11 KeymapNotify Signed-off-by: Peter Hutterer <[email protected]> --- Xext/xtest.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/Xext/xtest.c b/Xext/xtest.c index 5af2b5c..bb52c10 100644 --- a/Xext/xtest.c +++ b/Xext/xtest.c @@ -184,6 +184,7 @@ ProcXTestFakeInput(ClientPtr client) int i; int base = 0; int flags = 0; + int need_ptr_update = 1; nev = (stuff->length << 2) - sizeof(xReq); if ((nev % sizeof(xEvent)) || !nev) @@ -387,6 +388,8 @@ ProcXTestFakeInput(ClientPtr client) client->errorValue = ev->u.u.detail; return BadValue; } + + need_ptr_update = 0; break; case MotionNotify: if (!dev->valuator) @@ -451,7 +454,8 @@ ProcXTestFakeInput(ClientPtr client) for (i = 0; i < nevents; i++) mieqProcessDeviceEvent(dev, (InternalEvent*)(xtest_evlist+i)->event, NULL); - miPointerUpdateSprite(dev); + if (need_ptr_update) + miPointerUpdateSprite(dev); return client->noClientException; } -- 1.6.6.1 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
