debian/changelog | 9 +++
debian/patches/mi-dont-process-disabled.patch | 62 ++++++++++++++++++++++++
debian/patches/series | 2
debian/patches/xi-dont-copy-too-much.patch | 67 ++++++++++++++++++++++++++
4 files changed, 140 insertions(+)
New commits:
commit a1b1ff9a27765697bc001a42f47dcef11f5e58da
Author: Maarten Lankhorst <maarten.lankho...@canonical.com>
Date: Tue May 20 11:32:49 2014 +0200
release to u
diff --git a/debian/changelog b/debian/changelog
index 4ea0d8c..126f08d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,11 @@
-xorg-server (2:1.15.1-0ubuntu5) UNRELEASED; urgency=low
+xorg-server (2:1.15.1-0ubuntu5) utopic; urgency=low
* Add upstream patch to fix some valgrind issues.
- xi-dont-copy-too-much.patch
* Fix crash related to suspend/shutdown. (LP: #1208473)
- mi-dont-process-disabled.patch
- -- Maarten Lankhorst <maarten.lankho...@ubuntu.com> Tue, 20 May 2014
10:49:07 +0200
+ -- Maarten Lankhorst <maarten.lankho...@ubuntu.com> Tue, 20 May 2014
11:32:41 +0200
xorg-server (2:1.15.1-0ubuntu4) utopic; urgency=low
commit 2f75edaca4e4f532abf7882d34b8dbbee22eeb71
Author: Maarten Lankhorst <maarten.lankho...@canonical.com>
Date: Tue May 20 11:30:52 2014 +0200
Add upstream patches to fix some valgrind issues, and fix crash related to
suspend/shutdown.
xi-dont-copy-too-much.patch
mi-dont-process-disabled.patch
diff --git a/debian/changelog b/debian/changelog
index 06eb8a8..4ea0d8c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+xorg-server (2:1.15.1-0ubuntu5) UNRELEASED; urgency=low
+
+ * Add upstream patch to fix some valgrind issues.
+ - xi-dont-copy-too-much.patch
+ * Fix crash related to suspend/shutdown. (LP: #1208473)
+ - mi-dont-process-disabled.patch
+
+ -- Maarten Lankhorst <maarten.lankho...@ubuntu.com> Tue, 20 May 2014
10:49:07 +0200
+
xorg-server (2:1.15.1-0ubuntu4) utopic; urgency=low
* Resize touch event history if the array is filled up.
diff --git a/debian/patches/mi-dont-process-disabled.patch
b/debian/patches/mi-dont-process-disabled.patch
new file mode 100644
index 0000000..81691ee
--- /dev/null
+++ b/debian/patches/mi-dont-process-disabled.patch
@@ -0,0 +1,62 @@
+Date: Tue, 20 May 2014 14:32:59 +1000
+From: Peter Hutterer <peter.hutte...@who-t.net>
+Subject: [PATCH] mi: don't process events from disabled devices (#77884)
+
+Once a device is disabled, it doesn't have a sprite pointer anymore. If an
+event is still in the queue and processed after DisableDevice finished, a
+dereference causes a crash. Example backtrace (crash forced by injecting an
+event at the right time):
+
+(EE) 0: /opt/xorg/bin/Xorg (OsSigHandler+0x3c) [0x48d334]
+(EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x37fcc0f74f]
+(EE) 2: /opt/xorg/bin/Xorg (mieqMoveToNewScreen+0x38) [0x609240]
+(EE) 3: /opt/xorg/bin/Xorg (mieqProcessDeviceEvent+0xd4) [0x609389]
+(EE) 4: /opt/xorg/bin/Xorg (mieqProcessInputEvents+0x206) [0x609720]
+(EE) 5: /opt/xorg/bin/Xorg (ProcessInputEvents+0xd) [0x4aeb58]
+(EE) 6: /opt/xorg/bin/Xorg (xf86VTSwitch+0x1a6) [0x4af457]
+(EE) 7: /opt/xorg/bin/Xorg (xf86Wakeup+0x2bf) [0x4af0a7]
+(EE) 8: /opt/xorg/bin/Xorg (WakeupHandler+0x83) [0x4445cb]
+(EE) 9: /opt/xorg/bin/Xorg (WaitForSomething+0x3fe) [0x491bf6]
+(EE) 10: /opt/xorg/bin/Xorg (Dispatch+0x97) [0x435748]
+(EE) 11: /opt/xorg/bin/Xorg (dix_main+0x61d) [0x4438a9]
+(EE) 12: /opt/xorg/bin/Xorg (main+0x28) [0x49ba28]
+(EE) 13: /lib64/libc.so.6 (__libc_start_main+0xf5) [0x37fc821d65]
+(EE) 14: /opt/xorg/bin/Xorg (_start+0x29) [0x425e69]
+(EE) 15: ? (?+0x29) [0x29]
+
+xf86VTSwitch() calls ProcessInputEvents() before disabling a device, and
+DisableDevice() calls mieqProcessInputEvents() again when flushing touches and
+button events. Between that and disabling the device (which causes new events
+to be refused) there is a window where events may be triggered and enqueued.
+On the next call to PIE that event is processed on a now defunct device,
+causing the crash.
+
+The simplest fix to this is to discard events from disabled devices. We flush
+the queue often enough before disabling that when we get here, we really don't
+care about the events from this device.
+
+X.Org Bug 77884 <http://bugs.freedesktop.org/show_bug.cgi?id=77884>
+---
+Modified by Maarten Lankhorst to pass tests.
+
+ mi/mieq.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/mi/mieq.c b/mi/mieq.c
+index 4c07480..188a0b0 100644
+--- a/mi/mieq.c
++++ b/mi/mieq.c
+@@ -515,6 +515,10 @@ mieqProcessDeviceEvent(DeviceIntPtr dev, InternalEvent
*event, ScreenPtr screen)
+
+ verify_internal_event(event);
+
++ /* refuse events from disabled devices */
++ if (dev && !dev->enabled)
++ return 0;
++
+ /* Custom event handler */
+ handler = miEventQueue.handlers[event->any.type];
+
+--
+1.9.0
+
diff --git a/debian/patches/series b/debian/patches/series
index 93c7b5a..8266f07 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -53,3 +53,5 @@ fix-ftbfs-ppc64el.patch
xmir.patch
drm_device_keep_trying.patch
xi2-resize-touch.patch
+xi-dont-copy-too-much.patch
+mi-dont-process-disabled.patch
diff --git a/debian/patches/xi-dont-copy-too-much.patch
b/debian/patches/xi-dont-copy-too-much.patch
new file mode 100644
index 0000000..117f7f4
--- /dev/null
+++ b/debian/patches/xi-dont-copy-too-much.patch
@@ -0,0 +1,67 @@
+commit 56929f41e6c4cc1b2d72a33d14b4d993e7b613a3
+Author: Peter Hutterer <peter.hutte...@who-t.net>
+Date: Tue Apr 29 16:52:01 2014 +1000
+
+ Xi: don't copy a DeviceEvent into an InternalEvent
+
+ ==26141== Invalid read of size 8
+ ==26141== at 0x58FAEA: DeliverEmulatedMotionEvent (exevents.c:1484)
+
+ An InternalEvent is bigger than a DeviceEvent, thus copying one to the
other
+ reads past the allocated boundary. Shouldn't have any real effect since we
+ shouldn't access anything past the DeviceEvent boundary if the event type
is
+ correct.
+
+ Signed-off-by: Peter Hutterer <peter.hutte...@who-t.net>
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index 9c207eb..02530bd 100644
+--- a/Xi/exevents.c
++++ b/Xi/exevents.c
+@@ -1469,7 +1469,7 @@ static void
+ DeliverEmulatedMotionEvent(DeviceIntPtr dev, TouchPointInfoPtr ti,
+ InternalEvent *ev)
+ {
+- InternalEvent motion;
++ DeviceEvent motion;
+
+ if (ti->num_listeners) {
+ ClientPtr client;
+@@ -1481,11 +1481,11 @@ DeliverEmulatedMotionEvent(DeviceIntPtr dev,
TouchPointInfoPtr ti,
+ ti->listeners[0].type != LISTENER_POINTER_GRAB)
+ return;
+
+- motion = *ev;
+- motion.any.type = ET_TouchUpdate;
+- motion.device_event.detail.button = 0;
++ motion = ev->device_event;
++ motion.type = ET_TouchUpdate;
++ motion.detail.button = 0;
+
+- if (!RetrieveTouchDeliveryData(dev, ti, &motion,
++ if (!RetrieveTouchDeliveryData(dev, ti, (InternalEvent*)&motion,
+ &ti->listeners[0], &client, &win,
&grab,
+ &mask))
+ return;
+@@ -1500,18 +1500,18 @@ DeliverEmulatedMotionEvent(DeviceIntPtr dev,
TouchPointInfoPtr ti,
+ }
+ }
+
+- DeliverTouchEmulatedEvent(dev, ti, &motion, &ti->listeners[0], client,
++ DeliverTouchEmulatedEvent(dev, ti, (InternalEvent*)&motion,
&ti->listeners[0], client,
+ win, grab, mask);
+ }
+ else {
+ InternalEvent button;
+ int converted;
+
+- converted = TouchConvertToPointerEvent(ev, &motion, &button);
++ converted = TouchConvertToPointerEvent(ev, (InternalEvent*)&motion,
&button);
+
+ BUG_WARN(converted == 0);
+ if (converted)
+- ProcessOtherEvent(&motion, dev);
++ ProcessOtherEvent((InternalEvent*)&motion, dev);
+ }
+ }
+
--
To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/e1wmgia-0001dt...@moszumanska.debian.org
