Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
xorg-x11-server.36106
bsc1218585-0002-dix-when-disabling-a-master-flo...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch of Package xorg-x11-server.36106
From 1a5e3c3e68d4f965077ea6a40ba57cc0d5a4e8cb Mon Sep 17 00:00:00 2001 From: Peter Hutterer <peter.hutterer@who-t.net> Date: Fri, 5 Jan 2024 09:40:27 +1000 Subject: [PATCH xserver] dix: when disabling a master, float disabled slaved devices too Disabling a master device floats all slave devices but we didn't do this to already-disabled slave devices. As a result those devices kept their reference to the master device resulting in access to already freed memory if the master device was removed before the corresponding slave device. And to match this behavior, also forcibly reset that pointer during CloseDownDevices(). Related to CVE-2024-21886, ZDI-CAN-22840 --- dix/devices.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) Index: xorg-server-1.20.3/dix/devices.c =================================================================== --- xorg-server-1.20.3.orig/dix/devices.c +++ xorg-server-1.20.3/dix/devices.c @@ -480,6 +480,13 @@ DisableDevice(DeviceIntPtr dev, BOOL sen flags[other->id] |= XISlaveDetached; } } + + for (other = inputInfo.off_devices; other; other = other->next) { + if (!IsMaster(other) && GetMaster(other, MASTER_ATTACHED) == dev) { + AttachDevice(NULL, other, NULL); + flags[other->id] |= XISlaveDetached; + } + } } else { for (other = inputInfo.devices; other; other = other->next) { @@ -1075,6 +1082,11 @@ CloseDownDevices(void) if (!IsMaster(dev) && !IsFloating(dev)) dev->master = NULL; } + + for (dev = inputInfo.off_devices; dev; dev = dev->next) { + if (!IsMaster(dev) && !IsFloating(dev)) + dev->master = NULL; + } CloseDeviceList(&inputInfo.devices); CloseDeviceList(&inputInfo.off_devices);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
