authorMihai Moldovan <ïonic@ionic.de>2016-05-27 15:52:50 +0000
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2016-06-21 04:06:27 +0200
commit129cc6afd4ac49b458659ae8bb0d5201942c2aab (patch)
tree8c3f381f1e6bd9a18a32e0410fc4b64cbfa571d1
parentf5eff9bc0a1134a16b1a6e67bfe3d0b4d7cd49e9 (diff)
nx-X11/programs/Xserver/hw/nxagent/Handlers.h: fix stack smashing related to different data type sizes between Xserver and Xlib.
While on the X server side we were expecting a 32bit value, the Xlib side in nxcompext wrote a 64bit integer to the 32bit location, hence overwriting "random" data on the stack (most notably the return address). We can work around this by using the Xlib-based Window data type on the server side as well, but this problem is likely a more general one. Calling functions from libcompext in nxagent sounds like a bad idea. Other code locations might well be affected by similar issues. In order to silence compiler warnings, use a "macro hack" for overriding the "Window" type in NXlib.h.
-rw-r--r--nx-X11/programs/Xserver/hw/nxagent/Handlers.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/nx-X11/programs/Xserver/hw/nxagent/Handlers.c b/nx-X11/programs/Xserver/hw/nxagent/Handlers.c
index cadb8e58a..1beff090b 100644
--- a/nx-X11/programs/Xserver/hw/nxagent/Handlers.c
+++ b/nx-X11/programs/Xserver/hw/nxagent/Handlers.c
@@ -32,7 +32,10 @@
#include "Screen.h"
#include "Millis.h"
+#define Window XlibWindow
#include <nx/NXlib.h>
+#undef Window
+
#include <nx/Shadow.h>
/*
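Review bot: The `#define Window XlibWindow` / `#undef Window` pair around `<nx/NXlib.h>` has no comment at the include site, and nothing verifies the assumption it rests on: that `XlibWindow` has the same width the separately built nxcompext library uses for `Window`. The definition of `XlibWindow` is not visible in this hunk, so I would pin its size right after the include, for example `_Static_assert(sizeof(XlibWindow) == sizeof(unsigned long), "XlibWindow must match Xlib's Window");`, provided the build's C dialect accepts it. The rename also covers only the `Window` token. Any other XID-derived type that an NXlib.h prototype takes by pointer would still be declared at the server-side width, and those call sites need the audit the commit message hints at. A short comment above the define, such as `/* NXlib.h prototypes use Xlib's Window, not the server's 32-bit XID */`, would keep a later cleanup from removing the wrapper.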
@@ -956,7 +959,24 @@ void nxagentShadowWakeupHandler(void * data, int count, void * mask)
void nxagentHandleCollectInputFocusEvent(int resource)
{
- Window window;
+ /*
+ * While we don't even need window or revert_to later on, a discrepancy in
+ * data type sizes between the X server (Window being a 32bit ID) and
+ * the Xlib (Window being a 64bit ID) will lead to stack corruption here.
+ * Calling functions from nxcompext from nxagent sounds like a very bad idea
+ * to begin with, but let's assume that's necessary for now and work around
+ * the corruption issue.
+ *
+ * Even though the NXlib header shows that the function expects a Window-sized
+ * parameter, it's not the Window type as defined and used within the X.Org
+ * Server, but an Xlib type. Hence, we'll be using the "XlibWindow" type here
+ * and to avoid compiler warnings, "rewrite" the NXlib.h header file via
+ * overriding the original "Window" type with the XlibWindow type, including
+ * the header file and undefining the macro again, essentially unshadowing
+ * the original type.
+ */
+ XlibWindow window;
+
int revert_to;
if (NXGetCollectedInputFocus(nxagentDisplay, resource, &window, &revert_to) == 0)
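Review bot: The block comment above `XlibWindow window;` mostly explains the header-rewriting trick, which lives at the `#include <nx/NXlib.h>` site roughly nine hundred lines earlier, so the invariant this declaration must keep is buried in mechanics. I would reduce it here to the constraint itself, e.g. `/* Must be Xlib's Window width: NXGetCollectedInputFocus() writes through this pointer using the library's type size. */`, and move the macro explanation next to the `#define`. `revert_to` is left as `int`; presumably the library prototype takes `int *`, but that prototype is not visible in this hunk and should be confirmed. The function body continues past the end of the hunk, so the comment's claim that `window` and `revert_to` are unused later cannot be checked from here.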