From 0419f78fae1d70bb5de0d44be62ec9741c5a742b Mon Sep 17 00:00:00 2001
From: Hani Benhabiles <kroosec@gmail.com>
Date: Mon, 31 Mar 2014 23:09:06 +0100
Subject: input: mouse_set should check input device type.

Otherwise, the index of an input device like a usb-kbd is silently accepted.

(qemu) info mice
  Mouse #2: QEMU PS/2 Mouse
* Mouse #3: QEMU HID Mouse
(qemu) mouse_set 1
(qemu) info mice
  Mouse #2: QEMU PS/2 Mouse
* Mouse #3: QEMU HID Mouse

Also replace monitor_printf() call in do_mouse_set() with error_report() and
adjust error message.

Signed-off-by: Hani Benhabiles <hani@linux.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/input.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'ui')

diff --git a/ui/input.c b/ui/input.c
index 2761911..6e6a924 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -342,15 +342,21 @@ void do_mouse_set(Monitor *mon, const QDict *qdict)
     int found = 0;
 
     QTAILQ_FOREACH(s, &handlers, node) {
-        if (s->id == index) {
-            found = 1;
-            qemu_input_handler_activate(s);
-            break;
+        if (s->id != index) {
+            continue;
         }
+        if (!(s->handler->mask & (INPUT_EVENT_MASK_REL |
+                                  INPUT_EVENT_MASK_ABS))) {
+            error_report("Input device '%s' is not a mouse", s->handler->name);
+            return;
+        }
+        found = 1;
+        qemu_input_handler_activate(s);
+        break;
     }
 
     if (!found) {
-        monitor_printf(mon, "Mouse at given index not found\n");
+        error_report("Mouse at index '%d' not found", index);
     }
 
     qemu_input_check_mode_change();
-- 
cgit v1.1


From bdcc3a28b7f6ed6b90ad8b8af7b5d17e0d3f1f06 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 31 Mar 2014 16:07:30 +0200
Subject: input: add sanity check

Check we've actually found a input handler before trying to call it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/input.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'ui')

diff --git a/ui/input.c b/ui/input.c
index 6e6a924..1ed0e78 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -143,6 +143,9 @@ void qemu_input_event_send(QemuConsole *src, InputEvent *evt)
 
     /* send event */
     s = qemu_input_find_handler(1 << evt->kind);
+    if (!s) {
+        return;
+    }
     s->handler->event(s->dev, src, evt);
     s->events++;
 }
-- 
cgit v1.1