If the device is disabled, the sprite window is NULL and dereferencing crashes the server.
This is only triggered for XI 1.x grabs (ProcXGrabDevice) as XI2 grabs would trigger another code path, creating a sprite for the disabled device as if detaching it (which is wrong and fixed with this patch too). Grabbing a disabled device doesn't make sense as it won't send events anyway. However, the protocol specs do not prohibit it, so we need to keep it working. Luckily, oldWin is only used for focus out events, which aren't necessary given that the device is disabled. X.Org Bug 54934 <http://bugs.freedesktop.org/show_bug.cgi?id=54934> Signed-off-by: Peter Hutterer <[email protected]> --- dix/events.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/dix/events.c b/dix/events.c index d1931af..96778f7 100644 --- a/dix/events.c +++ b/dix/events.c @@ -1555,11 +1555,13 @@ ActivateKeyboardGrab(DeviceIntPtr keybd, GrabPtr grab, TimeStamp time, WindowPtr oldWin; /* slave devices need to float for the duration of the grab. */ - if (grab->grabtype == XI2 && + if (grab->grabtype == XI2 && keybd->enabled && !(passive & ImplicitGrabMask) && !IsMaster(keybd)) DetachFromMaster(keybd); - if (grabinfo->grab) + if (!keybd->enabled) + oldWin = NULL; + else if (grabinfo->grab) oldWin = grabinfo->grab->window; else if (keybd->focus) oldWin = keybd->focus->win; @@ -1571,7 +1573,8 @@ ActivateKeyboardGrab(DeviceIntPtr keybd, GrabPtr grab, TimeStamp time, oldWin = keybd->focus->win; if (keybd->valuator) keybd->valuator->motionHintWindow = NullWindow; - DoFocusEvents(keybd, oldWin, grab->window, NotifyGrab); + if (oldWin) + DoFocusEvents(keybd, oldWin, grab->window, NotifyGrab); if (syncEvents.playingEvents) grabinfo->grabTime = syncEvents.time; else -- 1.7.11.2 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
