1
From 23065a974e5dcdf0d6a436a0547bb7887d306a6f Mon Sep 17 00:00:00 2001
2
From: Peter Hutterer <peter.hutterer@who-t.net>
3
Date: Fri, 11 May 2012 12:27:39 +1000
4
Subject: [PATCH 200/205] Avoid out-of-bounds access by running
5
num_active_touches < 0 (#49439)
7
If a touch is active during driver init, the slot will be set to
8
SLOTSTATE_CLOSE when it finishes. That could decrease num_active_touches to
9
less than 0, causing out-of-bounds access.
11
X.Org Bug 49439 <http://bugs.freedesktop.org/show_bug.cgi?id=49439>
13
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
14
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
15
(cherry picked from commit 77d766b1d535dff9a27c7db343ede85d9f44850b)
17
src/synaptics.c | 4 +++-
18
1 file changed, 3 insertions(+), 1 deletion(-)
20
diff --git a/src/synaptics.c b/src/synaptics.c
21
index 30d79c5..1d32093 100644
24
@@ -3128,7 +3128,9 @@ UpdateTouchState(InputInfoPtr pInfo, struct SynapticsHwState *hw)
25
priv->open_slots[j] = priv->open_slots[j + 1];
28
- priv->num_active_touches--;
29
+ BUG_WARN(priv->num_active_touches == 0);
30
+ if (priv->num_active_touches > 0)
31
+ priv->num_active_touches--;