From: Maarten Lankhorst <maarten.lankhorst@canonical.com>
Date: Mon, 15 Apr 2013 14:53:48 +0000 (+0200)
Subject: dix: copy event in TouchConvertToPointerEvent correctly
X-Git-Tag: xorg-server-1.14.99.2~106^2~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=98b94c36d6b1d286bbd4cb414e54b4b95a1484b0;p=platform%2Fupstream%2Fxorg-server.git

dix: copy event in TouchConvertToPointerEvent correctly

Fixes reading random memory read beyond the end of original event.

sizeof device_event: 424
sizeof internal_event: 2800

Signed-off-by: Maarten Lankhorst <maarten.lankhorst@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---

diff --git a/dix/touch.c b/dix/touch.c
index 891cc78..3027bbb 100644
--- a/dix/touch.c
+++ b/dix/touch.c
@@ -620,14 +620,14 @@ TouchConvertToPointerEvent(const InternalEvent *event,
     BUG_WARN_MSG(!(event->device_event.flags & TOUCH_POINTER_EMULATED),
                  "Non-emulating touch event\n");
 
-    *motion_event = *event;
+    motion_event->device_event = event->device_event;
     motion_event->any.type = ET_Motion;
     motion_event->device_event.detail.button = 0;
     motion_event->device_event.flags = XIPointerEmulated;
 
     if (nevents > 1) {
         BUG_RETURN_VAL(!button_event, 0);
-        *button_event = *event;
+        button_event->device_event = event->device_event;
         button_event->any.type = ptrtype;
         button_event->device_event.flags = XIPointerEmulated;
         /* detail is already correct */