[PATCH 0/1] MR11151: winewayland.drv: Fix null pointer dereference in keyboard_handle_modifiers
xkb_state may be NULL if the keyboard has not been fully initialized when a modifiers event arrives. Add a NULL check before calling xkb_state_update_mask to prevent a crash. Tested on deepin v25 treeland and KDE Plasma 6. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/11151
From: chenzhengyong <chenzhengyong@uniontech.com> xkb_state may be NULL if the keyboard has not been fully initialized when a modifiers event arrives. Add a NULL check before calling xkb_state_update_mask to prevent a crash. Signed-off-by: chenzhengyong <chenzhengyong@uniontech.com> --- dlls/winewayland.drv/wayland_keyboard.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dlls/winewayland.drv/wayland_keyboard.c b/dlls/winewayland.drv/wayland_keyboard.c index 0a6eea2fa73..279c45612e7 100644 --- a/dlls/winewayland.drv/wayland_keyboard.c +++ b/dlls/winewayland.drv/wayland_keyboard.c @@ -900,8 +900,11 @@ static void keyboard_handle_modifiers(void *data, struct wl_keyboard *wl_keyboar serial, mods_depressed, mods_latched, mods_locked, xkb_group); pthread_mutex_lock(&keyboard->mutex); - xkb_state_update_mask(keyboard->xkb_state, mods_depressed, mods_latched, - mods_locked, 0, 0, xkb_group); + if (keyboard->xkb_state) + { + xkb_state_update_mask(keyboard->xkb_state, mods_depressed, mods_latched, + mods_locked, 0, 0, xkb_group); + } pthread_mutex_unlock(&keyboard->mutex); set_current_xkb_group(xkb_group); -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/11151
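Review bot: in keyboard_handle_modifiers the new guard covers only xkb_state_update_mask, so set_current_xkb_group(xkb_group) after pthread_mutex_unlock still runs when keyboard->xkb_state is NULL and records a group for a keyboard that has no state to apply it to. Consider noting under the mutex whether the state existed and returning right after the unlock when it did not, so the whole handler is a no-op on that path, and log a warning there so an out-of-order modifiers event is visible instead of silently dropped. The dropped mods_depressed, mods_latched and mods_locked values are also never reapplied once the state exists, which is worth a sentence in the commit message. Minor style point: the braces around the single xkb_state_update_mask call are not needed.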
@rbernon This issue occurs when returning to the login screen after logging out of WeCom. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/11151#note_143083
This merge request was approved by Etaash Mathamsetty. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/11151
This seems to indicate that we receive a modifiers event before receiving any keymap event? Isn't this a compositor bug? How is the client application supposed to handle the modifiers if it hasn't been told about the keymap? -- https://gitlab.winehq.org/wine/wine/-/merge_requests/11151#note_143095
On Mon Jun 15 06:40:23 2026 +0000, Rémi Bernon wrote:
> This seems to indicate that we receive a modifiers event before receiving any keymap event? Isn't this a compositor bug? How is the client application supposed to handle the modifiers if it hasn't been told about the keymap?

Yeah, it doesn't make any sense for this to happen. But the protocol doesn't define any behavior related to this case: https://wayland.app/protocols/wayland#wl_keyboard:event:modifiers and https://wayland.app/protocols/wayland#wl_keyboard:event:keymap. Which IMO makes it a case that we should avoid a crash.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/11151#note_143096
On Mon Jun 15 06:42:48 2026 +0000, Etaash Mathamsetty wrote:
> Yeah, it doesn't make any sense for this to happen. But the protocol doesn't define any behavior related to this case: https://wayland.app/protocols/wayland#wl_keyboard:event:modifiers and https://wayland.app/protocols/wayland#wl_keyboard:event:keymap. Which IMO makes it a case that we should avoid a crash (and just not update the state?). Not sure what the client is supposed to do here, perhaps do nothing would be a valid behavior?

IMO it would be better to fix it in the compositor (and update the protocol spec if necessary). Other calls such as set_current_xkb_group might have side effects that expect keyboard layouts, and therefore keymap, to have been initialized. Otherwise we just hide the bug in Wine and it might never be properly fixed.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/11151#note_143099
On Mon Jun 15 14:00:11 2026 +0000, Rémi Bernon wrote:
> IMO it would be better to fix it in the compositor (and update the protocol spec if necessary). Other calls such as set_current_xkb_group might have side effects that expect keyboard layouts, and therefore keymap, to have been initialized. Otherwise we just hide the bug in Wine and it might never be properly fixed.

`xkb_state_new` may fail, though such cases are extremely rare in practice. From a defensive programming perspective, it is still necessary to verify that `keyboard->xkb_state != NULL` before calling `xkb_state_update_mask`. Additionally, the WINE project runs on a wide variety of Wayland compositors. Adding this defensive check is also beneficial for compatibility.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/11151#note_143216
participants (4)
- chenzhengyong
- Etaash Mathamsetty (@etaash.mathamsetty)
- Rémi Bernon (@rbernon)
- zhengyong chen (@chenzhengyong)