Stricter event error checking

A malicious X server claiming to not support GE but sending a GE would SEGV the client (always a NULL derefrence). Possible since d1c93500. (Also guard the EventToWire case so it's harder to shoot yourself in the foot.) Signed-off-by: Nathan Kidd <nkidd@opentext.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
author: Nathan Kidd <nkidd@opentext.com> 2014-01-17 13:40:07 +1000
committer: Peter Hutterer <peter.hutterer@who-t.net> 2014-01-20 09:46:49 +1000
commit: d5447c0156f556114dbf97d6064c0c7b0fcd5f70 (patch)
tree: 845565e8672cadb3d178f361ebd5cf576680047f
parent: bb24f2970f2e425f4df90c9b73d078ad15a73fbb (diff)
download: xorg-lib-libXext-d5447c0156f556114dbf97d6064c0c7b0fcd5f70.tar.gz
1 files changed, 17 insertions, 11 deletions
diff --git a/src/Xge.c b/src/Xge.c
index 1f37e59..5c4d72d 100644
--- a/src/Xge.c
+++ b/src/Xge.c
@@ -108,15 +108,21 @@ static XExtDisplayInfo *_xgeFindDisplay(Display *dpy)
                                   &xge_extension_hooks,
                                   0 /* no events, see below */,
                                   NULL);
-        /* We don't use an extension opcode, so we have to set the handlers
-         * directly. If GenericEvent would be > 64, the job would be done by
-         * XExtAddDisplay  */
-        XESetWireToEvent (dpy,
-                          GenericEvent,
-                          xge_extension_hooks.wire_to_event);
-        XESetEventToWire (dpy,
-                          GenericEvent,
-                          xge_extension_hooks.event_to_wire);
+        /* dpyinfo->codes is only null if the server claims not to suppport
+           XGE. Don't set up the hooks then, so that an XGE event from the
+           server doesn't crash our client */
+        if (dpyinfo && dpyinfo->codes)
+        {
+            /* We don't use an extension opcode, so we have to set the handlers
+             * directly. If GenericEvent would be > 64, the job would be done by
+             * XExtAddDisplay  */
+            XESetWireToEvent (dpy,
+                              GenericEvent,
+                              xge_extension_hooks.wire_to_event);
+            XESetEventToWire (dpy,
+                              GenericEvent,
+                              xge_extension_hooks.event_to_wire);
+        }
     }
     return dpyinfo;
 }
@@ -238,7 +244,7 @@ _xgeWireToEvent(Display* dpy, XEvent* re, xEvent *event)
     int extension;
     XGEExtList it;
     XExtDisplayInfo* info = _xgeFindDisplay(dpy);
-    if (!info)
+    if (!info || !info->data)
         return False;
     /*
        _xgeCheckExtInit() calls LockDisplay, leading to a SIGABRT.
@@ -274,7 +280,7 @@ _xgeEventToWire(Display* dpy, XEvent* re, xEvent* event)
     int extension;
     XGEExtList it;
     XExtDisplayInfo* info = _xgeFindDisplay(dpy);
-    if (!info)
+    if (!info || !info->data)
         return 1; /* error! */
 
     extension = ((XGenericEvent*)re)->extension;
author	Nathan Kidd <nkidd@opentext.com>	2014-01-17 13:40:07 +1000
committer	Peter Hutterer <peter.hutterer@who-t.net>	2014-01-20 09:46:49 +1000
commit	d5447c0156f556114dbf97d6064c0c7b0fcd5f70 (patch)
tree	845565e8672cadb3d178f361ebd5cf576680047f
parent	bb24f2970f2e425f4df90c9b73d078ad15a73fbb (diff)
download	xorg-lib-libXext-d5447c0156f556114dbf97d6064c0c7b0fcd5f70.tar.gz