authorUlrich Sibiller <uli42@gmx.de>2018-12-17 23:58:16 +0100
committerUlrich Sibiller <uli42@gmx.de>2018-12-17 23:58:16 +0100
commita4fad8f58e8c7f601f70801016861f970ab05827 (patch)
tree8918e0cd97d4b570853c7eb6cfb5c68ddae37cc1
parent989398afe84d6ceab891926d59aceb8aa1067785 (diff)
Fix crash due to uninitialized VModMap fields.
Backport of commit 81b3b0cce088866dc3cda099d7c8d6655849fd43 Author: Tomas Janousek <tomi@nomi.cz> Date: Wed May 20 15:03:01 2009 +0200 Bug #6428, #16458, #21464: Fix crash due to uninitialized VModMap fields. In ProcXkbGetKbdByName, mrep.firstVModMapKey, .nVModMapKeys and .totalVModMapKeys were not initialized, contained random values and caused accesses to unallocated and later modified memory, causing XkbSizeVirtualModMap and XkbWriteVirtualModMap to see different number of nonzero values, resulting in writes past the end of an array in XkbSendMap. This patch initializes those values sensibly and reverts commits 5c0a2088 and 6dd4fc46, which have been plain non-sense. Signed-off-by: Tomas Janousek <tomi@nomi.cz> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
-rw-r--r--nx-X11/programs/Xserver/xkb/xkb.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/nx-X11/programs/Xserver/xkb/xkb.c b/nx-X11/programs/Xserver/xkb/xkb.c
index e11d7e26b..67d7f2b95 100644
--- a/nx-X11/programs/Xserver/xkb/xkb.c
+++ b/nx-X11/programs/Xserver/xkb/xkb.c
@@ -1185,7 +1185,7 @@ XkbSizeVirtualModMap(XkbDescPtr xkb,xkbGetMapReply *rep)
rep->totalVModMapKeys= 0;
return 0;
}
- for (nRtrn=i=0;i<rep->nVModMapKeys-1;i++) {
+ for (nRtrn=i=0;i<rep->nVModMapKeys;i++) {
if (xkb->server->vmodmap[i+rep->firstVModMapKey]!=0)
nRtrn++;
}
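Review bot: Nothing in this hunk bounds `i+rep->firstVModMapKey` by the keyboard's key range in the loop `for (nRtrn=i=0;i<rep->nVModMapKeys;i++)`, so the read of `xkb->server->vmodmap[...]` is only as safe as the values every caller puts into `firstVModMapKey` and `nVModMapKeys`. The commit description attributes the original overrun to XkbSizeVirtualModMap and XkbWriteVirtualModMap seeing a different number of nonzero entries, so the write side has to walk exactly the same range with the same bound; that function is not visible here and should be checked against the corrected loop. I would add a comment above the loop, for example `/* must count the same keys XkbWriteVirtualModMap emits; a mismatch overruns the reply buffer */`. The function starts and ends outside the hunk, so any range validation earlier in the body is not visible.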
@@ -5128,7 +5128,7 @@ ProcXkbGetKbdByName(ClientPtr client)
mrep.present = 0;
mrep.totalSyms = mrep.totalActs =
mrep.totalKeyBehaviors= mrep.totalKeyExplicit=
- mrep.totalModMapKeys= 0;
+ mrep.totalModMapKeys= mrep.totalVModMapKeys= 0;
if (rep.reported&(XkbGBN_TypesMask|XkbGBN_ClientSymbolsMask)) {
mrep.present|= XkbKeyTypesMask;
mrep.firstType = 0;
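Review bot: `mrep` is still initialised one field at a time, so the bug class fixed here can recur for any field that the chained assignment ending in `mrep.totalModMapKeys= mrep.totalVModMapKeys= 0;` does not list. Clearing the whole structure once before these assignments, e.g. `memset(&mrep, 0, sizeof(mrep));`, would give every count and first-key field a defined value, and would also keep stale stack bytes out of what appears to be a reply sent to the client. The same applies to the `else` branch in the third hunk, where only `mrep.virtualMods= 0;` is visible and the new `firstVModMapKey`/`nVModMapKeys` assignments have no counterpart in the shown lines. The declaration of `mrep` and the rest of ProcXkbGetKbdByName lie outside the hunk, so confirm the structure is not already zeroed elsewhere before adding this.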
@@ -5154,6 +5154,8 @@ ProcXkbGetKbdByName(ClientPtr client)
mrep.firstKeyExplicit = finfo.xkb->min_key_code;
mrep.nKeyActs = mrep.nKeyBehaviors =
mrep.nKeyExplicit = XkbNumKeys(finfo.xkb);
+ mrep.firstVModMapKey= finfo.xkb->min_key_code;
+ mrep.nVModMapKeys= XkbNumKeys(finfo.xkb);
}
else {
mrep.virtualMods= 0;