[PATCH] ui/input: do not assert() when tracing invalid input

marcandre.lureau@redhat.com posted 1 patch 3 weeks, 6 days ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20260503070939.2730826-1-marcandre.lureau@redhat.com
Maintainers: "Marc-André Lureau" <marcandre.lureau@redhat.com>
ui/input.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
[PATCH] ui/input: do not assert() when tracing invalid input
Posted by marcandre.lureau@redhat.com 3 weeks, 6 days ago
From: Marc-André Lureau <marcandre.lureau@redhat.com>

It's possible to reach an assert() in the input tracing code by sending
some out-of-range input values via D-Bus, for example:

  #0  0x00007fec8652186c in __pthread_kill_implementation () at /lib64/libc.so.6
  #1  0x00007fec864c648e in raise () at /lib64/libc.so.6
  #2  0x00007fec864ad7b3 in abort () at /lib64/libc.so.6
  #3  0x00007fec864ae804 in __libc_message_impl.cold () at /lib64/libc.so.6
  #4  0x00007fec864be345 in __assert_fail () at /lib64/libc.so.6
  #5  0x00005597964c551e in qapi_enum_lookup[cold] ()
  #6  0x000055979650514a in qemu_input_event_send_impl ()
  #7  0x0000559796505a4d in qemu_input_queue_btn ()
  #8  0x00007fec85780c19 in dbus_mouse_press () at /usr/bin/../lib64/qemu/ui-dbus.so
  #9  0x00007fec857912fc in _g_dbus_codegen_marshal_BOOLEAN__OBJECT_UINT.part.0 () at /usr/bin/../lib64/qemu/ui-dbus.so
  #10 0x00007fec874cce7c in g_closure_invoke () at /lib64/libgobject-2.0.so.0
  #11 0x00007fec874eb849 in signal_emit_unlocked_R.isra.0 () at /lib64/libgobject-2.0.so.0
  #12 0x00007fec874ec66f in g_signal_emitv () at /lib64/libgobject-2.0.so.0
  #13 0x00007fec85797e0a in _qemu_dbus_display1_mouse_skeleton_handle_method_call () at /usr/bin/../lib64/qemu/ui-dbus.so

Other paths in input code accept out-of-range values
(qemu_input_key_value_to_number etc). Let it pass tracing.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 ui/input.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ui/input.c b/ui/input.c
index 57e7817878a..966023d4f4d 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -207,22 +207,22 @@ static void qemu_input_event_trace(QemuConsole *src, InputEvent *evt)
         break;
     case INPUT_EVENT_KIND_BTN:
         btn = evt->u.btn.data;
-        name = InputButton_str(btn->button);
+        name = btn->button < INPUT_BUTTON__MAX ? InputButton_str(btn->button) : "invalid";
         trace_input_event_btn(idx, name, btn->down);
         break;
     case INPUT_EVENT_KIND_REL:
         move = evt->u.rel.data;
-        name = InputAxis_str(move->axis);
+        name = move->axis < INPUT_AXIS__MAX ? InputAxis_str(move->axis) : "invalid";
         trace_input_event_rel(idx, name, move->value);
         break;
     case INPUT_EVENT_KIND_ABS:
         move = evt->u.abs.data;
-        name = InputAxis_str(move->axis);
+        name = move->axis < INPUT_AXIS__MAX ? InputAxis_str(move->axis) : "invalid";
         trace_input_event_abs(idx, name, move->value);
         break;
     case INPUT_EVENT_KIND_MTT:
         mtt = evt->u.mtt.data;
-        name = InputAxis_str(mtt->axis);
+        name = mtt->axis < INPUT_AXIS__MAX ? InputAxis_str(mtt->axis) : "invalid";
         trace_input_event_mtt(idx, name, mtt->value);
         break;
     case INPUT_EVENT_KIND__MAX:
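Review bot: the four new range checks (`btn->button < INPUT_BUTTON__MAX`, `move->axis < INPUT_AXIS__MAX`, `mtt->axis < INPUT_AXIS__MAX`) only bound the value from above; if InputButton and InputAxis are signed enum types in the generated C, a negative value still satisfies the comparison and reaches the same assert in qapi_enum_lookup that this patch is trying to avoid. The D-Bus entry point in the backtrace marshals a UINT (`_g_dbus_codegen_marshal_BOOLEAN__OBJECT_UINT`), so a large unsigned argument converted to the enum type is a plausible way to get there. Consider comparing as unsigned, e.g. `(unsigned)btn->button < INPUT_BUTTON__MAX`, or adding an explicit `>= 0` check. The identical ternary is repeated four times; a small helper that returns the name or "invalid" would keep the call sites in sync if the bounds change. It would also help to state in the commit message that this only makes tracing tolerant: as the description says, the out-of-range value is still passed on to the rest of the input code, so downstream consumers must keep treating it as untrusted.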
-- 
2.54.0


Re: [PATCH] ui/input: do not assert() when tracing invalid input
Posted by Daniel P. Berrangé 3 weeks, 4 days ago
On Sun, May 03, 2026 at 11:09:39AM +0400, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
> 
> It's possible to reach an assert() in the input tracing code by sending
> some out-of-range input values via D-Bus, for example:
> 
>   #0  0x00007fec8652186c in __pthread_kill_implementation () at /lib64/libc.so.6
>   #1  0x00007fec864c648e in raise () at /lib64/libc.so.6
>   #2  0x00007fec864ad7b3 in abort () at /lib64/libc.so.6
>   #3  0x00007fec864ae804 in __libc_message_impl.cold () at /lib64/libc.so.6
>   #4  0x00007fec864be345 in __assert_fail () at /lib64/libc.so.6
>   #5  0x00005597964c551e in qapi_enum_lookup[cold] ()
>   #6  0x000055979650514a in qemu_input_event_send_impl ()
>   #7  0x0000559796505a4d in qemu_input_queue_btn ()
>   #8  0x00007fec85780c19 in dbus_mouse_press () at /usr/bin/../lib64/qemu/ui-dbus.so
>   #9  0x00007fec857912fc in _g_dbus_codegen_marshal_BOOLEAN__OBJECT_UINT.part.0 () at /usr/bin/../lib64/qemu/ui-dbus.so
>   #10 0x00007fec874cce7c in g_closure_invoke () at /lib64/libgobject-2.0.so.0
>   #11 0x00007fec874eb849 in signal_emit_unlocked_R.isra.0 () at /lib64/libgobject-2.0.so.0
>   #12 0x00007fec874ec66f in g_signal_emitv () at /lib64/libgobject-2.0.so.0
>   #13 0x00007fec85797e0a in _qemu_dbus_display1_mouse_skeleton_handle_method_call () at /usr/bin/../lib64/qemu/ui-dbus.so
> 
> Other paths in input code accept out-of-range values
> (qemu_input_key_value_to_number etc). Let it pass tracing.
> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
>  ui/input.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

Daniel