From 741441765601c00cb84ecb7fa7b38e69d185f51a Mon Sep 17 00:00:00 2001
From: Konrad Materka
Date: Thu, 10 Oct 2019 08:42:32 -0600
Subject: [PATCH] [XembedSNIProxy] Do not crash on null pointer
Summary: XCB may return null pointer as a response. Add a check to prevent segmentation fault.
BUG: 409652
FIXED-IN: 5.17.1
Test Plan: It is hard to reproduce, but the reason of the segmentation fault is pretty obvious, thanks to the debug dump from bug 409652
Reviewers: #plasma_workspaces, #plasma, davidedmundson
Reviewed By: #plasma_workspaces, #plasma, davidedmundson
Subscribers: ngraham, plasma-devel
Tags: #plasma
Differential Revision: https://phabricator.kde.org/D24514
---
 xembed-sni-proxy/fdoselectionmanager.cpp | 22 +++++++++++-----------
 xembed-sni-proxy/fdoselectionmanager.h | 5 ++---
 2 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/xembed-sni-proxy/fdoselectionmanager.cpp b/xembed-sni-proxy/fdoselectionmanager.cpp
index 993d1db21..be5d82b4c 100644
--- a/xembed-sni-proxy/fdoselectionmanager.cpp
+++ b/xembed-sni-proxy/fdoselectionmanager.cpp
@@ -66,7 +66,7 @@ void FdoSelectionManager::init()
 xcb_connection_t *c = QX11Info::connection();
 xcb_prefetch_extension_data(c, &xcb_damage_id);
 const auto *reply = xcb_get_extension_data(c, &xcb_damage_id);
- if (reply->present) {
+ if (reply && reply->present) {
 m_damageEventBase = reply->first_event;
 xcb_damage_query_version_unchecked(c, XCB_DAMAGE_MAJOR_VERSION, XCB_DAMAGE_MINOR_VERSION);
 } else {
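Review bot: The added `reply &&` guard routes a null reply into the `else` branch, yet `m_damageEventBase` is written only on the success path, and the header in this same patch shows it declared as `uint8_t m_damageEventBase;` with no initializer. Unless the constructor or the else body (both outside this hunk) sets it or stops the process, `nativeEventFilter` later evaluates `responseType == m_damageEventBase + XCB_DAMAGE_NOTIFY` on an indeterminate value and may reinterpret an unrelated event as a damage notification. I would give the member a defined state, for example `uint8_t m_damageEventBase = 0;` together with a `bool m_damageAvailable = false;` that the damage branch checks first. A short comment above the check would also help the next reader, such as `// xcb_get_extension_data() can return null, e.g. when the connection is in an error state`. init() begins and ends outside the hunk, so the else handling could not be verified from here.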
@@ -117,24 +117,24 @@ bool FdoSelectionManager::addDamageWatch(xcb_window_t client)
 return true;
 }
-bool FdoSelectionManager::nativeEventFilter(const QByteArray& eventType, void* message, long int* result)
+bool FdoSelectionManager::nativeEventFilter(const QByteArray &eventType, void *message, long int *result)
 {
- Q_UNUSED(result);
+ Q_UNUSED(result)
 if (eventType != "xcb_generic_event_t") {
 return false;
 }
- xcb_generic_event_t* ev = static_cast(message);
+ xcb_generic_event_t *ev = static_cast(message);
 const auto responseType = XCB_EVENT_RESPONSE_TYPE(ev);
 if (responseType == XCB_CLIENT_MESSAGE) {
 const auto ce = reinterpret_cast(ev);
 if (ce->type == Xcb::atoms->opcodeAtom) {
 switch (ce->data.data32[1]) {
- case SYSTEM_TRAY_REQUEST_DOCK:
- dock(ce->data.data32[2]);
- return true;
+ case SYSTEM_TRAY_REQUEST_DOCK:
+ dock(ce->data.data32[2]);
+ return true;
 }
 }
 } else if (responseType == XCB_UNMAP_NOTIFY) {
@@ -149,9 +149,9 @@ bool FdoSelectionManager::nativeEventFilter(const QByteArray& eventType, void* m
 }
 } else if (responseType == m_damageEventBase + XCB_DAMAGE_NOTIFY) {
 const auto damagedWId = reinterpret_cast(ev)->drawable;
- const auto sniProx = m_proxies.value(damagedWId);
- if(sniProx) {
- sniProx->update();
+ const auto sniProxy = m_proxies.value(damagedWId);
+ if (sniProxy) {
+ sniProxy->update();
 xcb_damage_subtract(QX11Info::connection(), m_damageWatches[damagedWId], XCB_NONE, XCB_NONE);
 }
 }
@@ -207,7 +207,7 @@ void FdoSelectionManager::onLostOwnership()
 void FdoSelectionManager::compositingChanged()
 {
 xcb_connection_t *c = QX11Info::connection();
- auto screen = xcb_setup_roots_iterator (xcb_get_setup (c)).data;
+ auto screen = xcb_setup_roots_iterator(xcb_get_setup(c)).data;
 auto trayVisual = screen->root_visual;
 if (KWindowSystem::compositingActive()) {
 xcb_depth_iterator_t depth_iterator = xcb_screen_allowed_depths_iterator(screen);
diff --git a/xembed-sni-proxy/fdoselectionmanager.h b/xembed-sni-proxy/fdoselectionmanager.h
index d40ac1171..225e2fd05 100644
--- a/xembed-sni-proxy/fdoselectionmanager.h
+++ b/xembed-sni-proxy/fdoselectionmanager.h
@@ -39,7 +39,7 @@ public:
 ~FdoSelectionManager() override;
 protected:
- bool nativeEventFilter(const QByteArray & eventType, void * message, long * result) override;
+ bool nativeEventFilter(const QByteArray &eventType, void *message, long *result) override;
 private Q_SLOTS:
 void onClaimedOwnership();
@@ -56,9 +56,8 @@ private:
 uint8_t m_damageEventBase;
 QHash m_damageWatches;
- QHash m_proxies;
+ QHash m_proxies;
 KSelectionOwner *m_selectionOwner;
 };
-
 #endif