From c84f5c3dd19ae114da4eb3441b3e4e3a29f195df Mon Sep 17 00:00:00 2001
From: Olivier Fourdan
Date: Tue, 28 Feb 2017 14:27:52 +0100
Subject: [PATCH] xwayland: Make sure we have a focus window

During the InitInput() phase, the wayland events get dequeued so we can possibly end up calling dispatch_pointer_motion_event(). If this occurs before xwl_seat->focus_window is set, it leads to a NULL pointer derefence and a segfault. Check for xwl_seat->focus_window in both pointer_handle_frame() and relative_pointer_handle_relative_motion() prior to calling dispatch_pointer_motion_event() like it's done in pointer_handle_motion().

Bugzilla: https://bugzilla.redhat.com/1410804
Signed-off-by: Olivier Fourdan
Reviewed-by: Peter Hutterer
Signed-off-by: Peter Hutterer
(cherry picked from commit 8c9909a99292b2fb4a86de694bb0029f61e35662)
---
 hw/xwayland/xwayland-input.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/xwayland/xwayland-input.c b/hw/xwayland/xwayland-input.c
index ecf0b7a62..ce0e433b8 100644
--- a/hw/xwayland/xwayland-input.c
+++ b/hw/xwayland/xwayland-input.c
@@ -516,6 +516,9 @@ pointer_handle_frame(void *data, struct wl_pointer *wl_pointer)
 {
 struct xwl_seat *xwl_seat = data;
+ if (!xwl_seat->focus_window)
+ return;
+
 dispatch_pointer_motion_event(xwl_seat);
 }
@@ -566,6 +569,9 @@ relative_pointer_handle_relative_motion(void *data,
 xwl_seat->pending_pointer_event.dx_unaccel = wl_fixed_to_double(dx_unaccelf);
 xwl_seat->pending_pointer_event.dy_unaccel = wl_fixed_to_double(dy_unaccelf);
+ if (!xwl_seat->focus_window)
+ return;
+
 if (wl_proxy_get_version((struct wl_proxy *) xwl_seat->wl_pointer) < 5)
 dispatch_pointer_motion_event(xwl_seat);
 }
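Review bot: The NULL guard added in pointer_handle_frame() protects this call site only, so the precondition "focus_window must be set" remains an unwritten contract of dispatch_pointer_motion_event(). Any later caller that omits the check reintroduces the same crash from compositor-driven events. The body of dispatch_pointer_motion_event() is outside this hunk, so this is a suggestion rather than a confirmed gap: consider placing `if (!xwl_seat->focus_window) return;` at the top of that function as well. At minimum the guard deserves a comment such as `/* Events may be dequeued during InitInput() before focus_window is set */`, so it is not removed later as apparently dead code.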
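Review bot: In relative_pointer_handle_relative_motion() the new focus check comes after the stores to `pending_pointer_event.dx_unaccel` and `dy_unaccel`, so deltas received while no window is focused are still recorded before the early return. If the pending state is only cleared inside dispatch_pointer_motion_event() (not visible here), those stale deltas would be delivered on the first dispatch after focus is set. Moving `if (!xwl_seat->focus_window) return;` above the pending_pointer_event assignments would drop such events. The function begins outside this hunk, so the earlier assignments and any "has relative" flag should be checked against the same ordering.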