From 37e7c3afbc26d547daf94655a4dff1dfb59e5545 Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Tue, 3 Feb 2015 14:12:07 +0100 Subject: Ensure null pointers are not added to QXcbConnection::m_touchDevices QXcbConnection::touchDeviceForId attempts to retrieve an existing XInput2TouchDeviceData from m_touchDevices via QHash::operator[]. If m_touchDevices does not contain the specified XInput2TouchDeviceData, QHash::operator[] adds a default constructed value (i.e. a null pointer) for the specified id. This null pointer is not removed from m_touchDevices if the condition "nrDevices <= 0" is true below. This causes a null pointer dereference later on in QXcbConnection::finalizeXInput2. Change-Id: Icd3352417047c4b35d56db2d9f51e3fa1d859e9d Reviewed-by: Shawn Rutledge --- src/plugins/platforms/xcb/qxcbconnection_xi2.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src/plugins') diff --git a/src/plugins/platforms/xcb/qxcbconnection_xi2.cpp b/src/plugins/platforms/xcb/qxcbconnection_xi2.cpp index 07303f4e22..8a9e7a55c0 100644 --- a/src/plugins/platforms/xcb/qxcbconnection_xi2.cpp +++ b/src/plugins/platforms/xcb/qxcbconnection_xi2.cpp @@ -355,8 +355,11 @@ void QXcbConnection::xi2Select(xcb_window_t window) XInput2TouchDeviceData *QXcbConnection::touchDeviceForId(int id) { - XInput2TouchDeviceData *dev = m_touchDevices[id]; - if (!dev) { + XInput2TouchDeviceData *dev = Q_NULLPTR; + QHash::const_iterator devIt = m_touchDevices.find(id); + if ( devIt != m_touchDevices.end() ) { + dev = devIt.value(); + } else { int nrDevices = 0; QTouchDevice::Capabilities caps = 0; dev = new XInput2TouchDeviceData; @@ -428,7 +431,6 @@ XInput2TouchDeviceData *QXcbConnection::touchDeviceForId(int id) QWindowSystemInterface::registerTouchDevice(dev->qtTouchDevice); m_touchDevices[id] = dev; } else { - m_touchDevices.remove(id); XIFreeDeviceInfo(dev->xiDeviceInfo); delete dev; dev = 0; -- cgit v1.2.3