From 34e0cad9acd88ccf18fc24d6917520cfc819abc1 Mon Sep 17 00:00:00 2001 From: Tudor Brindus Date: Mon, 25 May 2020 15:20:15 -0400 Subject: [PATCH] input/cursor: fix heap-buffer overflow in constraint set_region Fixes #5383, caused by an oversight in 6f0a0bd. --- sway/input/cursor.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sway/input/cursor.c b/sway/input/cursor.c index 8de7d950..7b094d85 100644 --- a/sway/input/cursor.c +++ b/sway/input/cursor.c @@ -831,8 +831,12 @@ static void handle_constraint_commit(struct wl_listener *listener, static void handle_pointer_constraint_set_region(struct wl_listener *listener, void *data) { - struct sway_cursor *cursor = - wl_container_of(listener, cursor, constraint_commit); + struct sway_pointer_constraint *sway_constraint = + wl_container_of(listener, sway_constraint, set_region); + struct wlr_pointer_constraint_v1 *constraint = data; + struct sway_seat *seat = constraint->seat->data; + struct sway_cursor *cursor = seat->cursor; + cursor->active_confine_requires_warp = true; }