Xorg crashed with SIGSEGV in XIGetDeviceProperty()

If the device is turned off, usually by syndaemon to disable the touchpad while the typing, the touch state will not be updated with the latest hardware state changes. If a touch begins while the device is off and ends while the device is on, then the touch count will be decremented without any previous increment. A similar effect will occur if the device is on when the touch begins, but off when the touch ends.

If the touch count goes negative, the index into the touch slot mask array will be out of bounds. This can corrupt memory and cause random crashes.

Original bug report
===================

No idea what happened.

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: xserver-xorg-core 2:1.11.4-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-15.24-generic 3.2.5
Uname: Linux 3.2.0-15-generic x86_64
.tmp.unity.support.test.0:

ApportVersion: 1.91-0ubuntu1
Architecture: amd64
CheckboxSubmission: 2f383a1679e8525d7196eb2518a1921f
CheckboxSystem: bb422ca46d02494cdbc459927a98bc2f
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CompositorRunning: compiz
Date: Mon Feb 13 11:29:44 2012
DistUpgraded: Log time: 2011-12-02 10:42:12.615728
DistroCodename: precise
DistroVariant: ubuntu
ExecutablePath: /usr/bin/Xorg
ExecutableTimestamp: 1328935414
ExtraDebuggingInterest: Yes, if not too technical
GraphicsCard:
 Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller [8086:0126] (rev 09) (prog-if 00 [VGA controller])
   Subsystem: Lenovo Device [17aa:21da]
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Alpha amd64 (20110817)
MachineType: LENOVO 429149G
ProcCmdline: /usr/bin/X :0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch -background none
ProcCwd: /etc/X11
ProcEnviron:

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-15-generic root=UUID=51ab960b-a2da-4841-98ce-c017f0582971 ro quiet splash vt.handoff=7
SegvAnalysis:
 Segfault happened at: 0x7f2934a65b88 <XIChangeDeviceProperty+456>: mov 0x10(%r12),%rax
 PC (0x7f2934a65b88) ok
 source "0x10(%r12)" (0x7f2900000010) not located in a known VMA region (needed readable region)!
 destination "%rax" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: xorg-server
StacktraceTop:
 XIGetDeviceProperty ()
 ?? ()
 ?? ()
 ?? ()
 ?? ()
Title: Xorg crashed with SIGSEGV in XIGetDeviceProperty()
UpgradeStatus: Upgraded to precise on 2012-01-12 (31 days ago)
UserGroups:

dmi.bios.date: 05/18/2011
dmi.bios.vendor: LENOVO
dmi.bios.version: 8DET46WW (1.16 )
dmi.board.asset.tag: Not Available
dmi.board.name: 429149G
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr8DET46WW(1.16):bd05/18/2011:svnLENOVO:pn429149G:pvrThinkPadX220:rvnLENOVO:rn429149G:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 429149G
dmi.product.version: ThinkPad X220
dmi.sys.vendor: LENOVO
version.compiz: compiz 1:0.9.6+bzr20110929-0ubuntu8
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.30-1ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 8.0~rc2-0ubuntu5
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 8.0~rc2-0ubuntu5
version.xserver-xorg-core: xserver-xorg-core 2:1.11.4-0ubuntu1
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.6.99.901-1ubuntu3
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.14.99~git20111219.aacbd629-0ubuntu2
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.17.0-1ubuntu3
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:0.0.16+git20111201+b5534a1-1build2