diff options
| author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-08-16 18:14:14 -0700 |
|---|---|---|
| committer | Ulrich Sibiller <uli42@gmx.de> | 2016-10-19 21:40:28 +0200 |
| commit | 3cd82252610ac02483f776de95c9c771e71d8864 (patch) | |
| tree | b6264f23236cbd9c73d88767ad004897ba41482b /nx-X11/lib/X11/Border.c | |
| parent | c22524d30e773048fad4c14e4636bb045e20439f (diff) | |
| download | nx-libs-3cd82252610ac02483f776de95c9c771e71d8864.tar.gz nx-libs-3cd82252610ac02483f776de95c9c771e71d8864.tar.bz2 nx-libs-3cd82252610ac02483f776de95c9c771e71d8864.zip | |
Fix overflow checks in _XkbReadKeySyms when key_sym_map is already created
We were checking to make sure that the largest keysym value was within
the range of the allocated buffer, but checking against different limits
in the not-yet-allocated vs. the already-allocated branches.
The check should be the same in both, and reflect the size used for the
allocation, which is based on the maximum key code value, so we move it
to be a common check, before we branch, instead of duplicating in each
branch.
map->key_sym_map is an array of XkbSymMapRec structs, [0..max_key_code]
map->syms is the array for which num_syms is recorded, hence is not the
right value to check for ensuring our key_sym_map accesses are in range.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reported-by: Barry Kauler <bkauler@gmail.com>
Tested-by: Barry Kauler <bkauler@gmail.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
Diffstat (limited to 'nx-X11/lib/X11/Border.c')
0 files changed, 0 insertions, 0 deletions