Brad Bishop | 35a7742 | 2020-05-26 13:25:03 -0400 | 1 | From 95a10ab64c2dbbec2c8dad91a5ffb73a0d68474b Mon Sep 17 00:00:00 2001 |
| 2 | From: Jonathan Liu <net147@gmail.com> |
| 3 | Date: Mon, 16 Mar 2020 20:04:06 +1100 |
| 4 | Subject: [PATCH] src/cursor: fix xfc NULL pointer dereference |
| 5 | |
| 6 | xfc->width and xfc->height for the XFixes cursor image returned from |
| 7 | XFixesGetCursorImage(dpy) are accessed without first checking that xfc |
| 8 | is not NULL. This can result in the server sometimes crashing when |
| 9 | moving a Google Chrome window. |
| 10 | |
| 11 | Fixes: 37c946191a0f ("Broken cursor bugfix for 64 bit systems (#49)") |
| 12 | Upstream-Status: Accepted |
| 13 | Signed-off-by: Jonathan Liu <net147@gmail.com> |
| 14 | --- |
| 15 | src/cursor.c | 2 +- |
| 16 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 17 | |
| 18 | diff --git a/src/cursor.c b/src/cursor.c |
| 19 | index 39e73a6..74a08c6 100644 |
| 20 | --- a/src/cursor.c |
| 21 | +++ b/src/cursor.c |
| 22 | @@ -1311,7 +1311,7 @@ static int get_exact_cursor(int init) { |
| 23 | |
| 24 | /* retrieve the cursor info + pixels from server: */ |
| 25 | xfc = XFixesGetCursorImage(dpy); |
| 26 | - { |
| 27 | + if (xfc) { |
| 28 | /* 2017-07-09, Stephan Fuhrmann: This fixes an implementation flaw for 64 bit systems. |
| 29 | * The XFixesCursorImage structure says xfc->pixels is (unsigned long*) in the structure, but |
| 30 | * the protocol spec says it's 32 bit per pixel |
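Review bot: the new `if (xfc) {` guard after `xfc = XFixesGetCursorImage(dpy);` in get_exact_cursor() protects only the block it opens, and the visible lines stop before that block closes. Please confirm that every later use of xfc in the function (the xfc->width and xfc->height reads named in the commit message, and any release of the image) sits inside the guarded block, and that the function returns a defined value on the path where the call returned NULL. The existing comment documents only the 64-bit pixel layout, so a one-line comment above the check noting that XFixesGetCursorImage() can return NULL would make the reason for the condition clear to the next reader.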