Bug 787649 - Mutter may segfault if a tablet is quickly connected and disconnected
Status: RESOLVED FIXED
Product: mutter
Classification: Core
Component: general
Assigned To: mutter-maint
Reported: 2017-09-13 22:08 UTC by Jason Gerecke
Modified: 2017-09-28 13:58 UTC


Attachments
backends/x11: Prevent segfault when querying list of devices (1.12 KB, patch)
2017-09-13 22:10 UTC, Jason Gerecke
committed

Description Jason Gerecke 2017-09-13 22:08:39 UTC
If a Wacom tablet is connected and quickly disconnected, an Xorg mutter may crash with a segfault with the following backtrace. It appears that this is caused by `XIQueryDevice` returning a NULL `info` pointer and a negative value for `n_devices`. The check within `device_query_area` only checks for `n_devices == 0`, allowing the NULL pointer to be dereferenced later on.

Reproducing this issue is more easily done by repeatedly loading and unloading the wacom kernel module, e.g. as done by https://gist.github.com/jigpu/126d22e5fbb977b83fbc16f82bcace0a

Program terminated with signal SIGSEGV, Segmentation fault.
  • #0 device_query_area
    at backends/x11/meta-input-settings-x11.c line 587
  • #1 meta_input_settings_x11_set_tablet_keep_aspect
    at backends/x11/meta-input-settings-x11.c line 646
  • #2 update_tablet_keep_aspect
    at backends/meta-input-settings.c line 860
  • #3 update_device_display
    at backends/meta-input-settings.c line 900
  • #4 apply_mappable_device_settings
    at backends/meta-input-settings.c line 1098
  • #5 check_add_mappable_device
    at backends/meta-input-settings.c line 1325
  • #6 meta_input_settings_device_added
    at backends/meta-input-settings.c line 1458
  • #7 g_closure_invoke
  • #8 0x00007f0332f4a4ae in
  • #9 g_signal_emit_valist
  • #10 g_signal_emit_by_name
  • #11 add_device
    at x11/clutter-device-manager-xi2.c line 609
  • #12 translate_hierarchy_event
    at x11/clutter-device-manager-xi2.c line 669
  • #13 clutter_device_manager_xi2_translate_event
    at x11/clutter-device-manager-xi2.c line 1219
  • #14 _clutter_event_translator_translate_event
    at clutter-event-translator.c line 37
  • #15 clutter_backend_real_translate_event
    at clutter-backend.c line 596
  • #16 clutter_backend_x11_translate_event
    at x11/clutter-backend-x11.c line 666
  • #17 _clutter_backend_translate_event
    at clutter-backend.c line 1189
  • #18 clutter_x11_handle_event
    at x11/clutter-event-x11.c line 200
  • #19 handle_host_xevent
    at backends/x11/meta-backend-x11.c line 292
  • #20 x_event_source_dispatch
    at backends/x11/meta-backend-x11.c line 345
  • #21 g_main_context_dispatch
  • #22 0x00007f0332c5fc88 in
  • #23 g_main_loop_run
  • #24 meta_run
    at core/main.c line 648
  • #25 main
    at main.c line 454
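
The guard flaw reported above, as an added example (not the attached patch and not Mutter's code): a stub models a device query that returns a NULL array with a negative count, and the `n == 0` check is set beside a stricter one. The names `dev_info`, `query_device`, `usable_weak`, `usable_strict` and the device ids are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the device info record; only what is needed here. */
typedef struct { int deviceid; int num_classes; } dev_info;

/* Constructed stub modelling the reported behaviour: for a device that has
 * already vanished, the query yields a NULL array and a negative count. */
static dev_info present = { 12, 3 };
static dev_info *query_device(int id, int *n_out)
{
    if (id == present.deviceid) { *n_out = 1; return &present; }
    *n_out = -1;
    return NULL;
}

/* Guard as described in the report: only an exact zero count is rejected. */
static bool usable_weak(int n) { return n != 0; }

/* Stricter guard: reject a NULL array and any non-positive count. */
static bool usable_strict(const dev_info *info, int n) { return info != NULL && n > 0; }

/* True when the weak guard would let a caller go on to dereference NULL. */
static bool weak_guard_admits_null(int id)
{
    int n = 0;
    dev_info *info = query_device(id, &n);
    return info == NULL && usable_weak(n);
}

/* Returns the class count for the device, or -1 if the device is gone. */
static int device_class_count(int id)
{
    int n = 0;
    dev_info *info = query_device(id, &n);
    if (!usable_strict(info, n))
        return -1;              /* bail out before touching info[0] */
    return info[0].num_classes;
}

int main(void)
{
    printf("weak guard admits NULL result: %d\n", weak_guard_admits_null(99));
    printf("class count, device present:   %d\n", device_class_count(12));
    printf("class count, device gone:      %d\n", device_class_count(99));
    return 0;
}
```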

Comment 1 Jason Gerecke 2017-09-13 22:10:32 UTC
Created attachment 359745
backends/x11: Prevent segfault when querying list of devices

Patch which fixes the segfault

Comment 2 Rui Matos 2017-09-14 08:48:38 UTC
Review of attachment 359745:

lgtm

Comment 3 Jason Gerecke 2017-09-27 21:00:56 UTC
Does someone need to be CCd to commit this patch?

Comment 4 Jonas Ådahl 2017-09-28 13:58:46 UTC
Attachment 359745 pushed as 8493777 - backends/x11: Prevent segfault when querying list of devices