diff options
author | Ulrich Sibiller <uli42@gmx.de> | 2018-12-17 23:58:16 +0100 |
---|---|---|
committer | Ulrich Sibiller <uli42@gmx.de> | 2018-12-17 23:58:16 +0100 |
commit | a4fad8f58e8c7f601f70801016861f970ab05827 (patch) | |
tree | 8918e0cd97d4b570853c7eb6cfb5c68ddae37cc1 /nx-X11/programs/Xserver/xkb | |
parent | 989398afe84d6ceab891926d59aceb8aa1067785 (diff) | |
download | nx-libs-a4fad8f58e8c7f601f70801016861f970ab05827.tar.gz nx-libs-a4fad8f58e8c7f601f70801016861f970ab05827.tar.bz2 nx-libs-a4fad8f58e8c7f601f70801016861f970ab05827.zip |
Fix crash due to uninitialized VModMap fields.
Backport of
commit 81b3b0cce088866dc3cda099d7c8d6655849fd43
Author: Tomas Janousek <tomi@nomi.cz>
Date: Wed May 20 15:03:01 2009 +0200
Bug #6428, #16458, #21464: Fix crash due to uninitialized VModMap fields.
In ProcXkbGetKbdByName, mrep.firstVModMapKey, .nVModMapKeys and
.totalVModMapKeys were not initialized, contained random values and caused
accesses to unallocated and later modified memory, causing
XkbSizeVirtualModMap and XkbWriteVirtualModMap to see different number of
nonzero values, resulting in writes past the end of an array in XkbSendMap.
This patch initializes those values sensibly and reverts commits 5c0a2088 and
6dd4fc46, which have been plain non-sense.
Signed-off-by: Tomas Janousek <tomi@nomi.cz>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Diffstat (limited to 'nx-X11/programs/Xserver/xkb')
-rw-r--r-- | nx-X11/programs/Xserver/xkb/xkb.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/nx-X11/programs/Xserver/xkb/xkb.c b/nx-X11/programs/Xserver/xkb/xkb.c index e11d7e26b..67d7f2b95 100644 --- a/nx-X11/programs/Xserver/xkb/xkb.c +++ b/nx-X11/programs/Xserver/xkb/xkb.c @@ -1185,7 +1185,7 @@ XkbSizeVirtualModMap(XkbDescPtr xkb,xkbGetMapReply *rep) rep->totalVModMapKeys= 0; return 0; } - for (nRtrn=i=0;i<rep->nVModMapKeys-1;i++) { + for (nRtrn=i=0;i<rep->nVModMapKeys;i++) { if (xkb->server->vmodmap[i+rep->firstVModMapKey]!=0) nRtrn++; } @@ -5128,7 +5128,7 @@ ProcXkbGetKbdByName(ClientPtr client) mrep.present = 0; mrep.totalSyms = mrep.totalActs = mrep.totalKeyBehaviors= mrep.totalKeyExplicit= - mrep.totalModMapKeys= 0; + mrep.totalModMapKeys= mrep.totalVModMapKeys= 0; if (rep.reported&(XkbGBN_TypesMask|XkbGBN_ClientSymbolsMask)) { mrep.present|= XkbKeyTypesMask; mrep.firstType = 0; @@ -5154,6 +5154,8 @@ ProcXkbGetKbdByName(ClientPtr client) mrep.firstKeyExplicit = finfo.xkb->min_key_code; mrep.nKeyActs = mrep.nKeyBehaviors = mrep.nKeyExplicit = XkbNumKeys(finfo.xkb); + mrep.firstVModMapKey= finfo.xkb->min_key_code; + mrep.nVModMapKeys= XkbNumKeys(finfo.xkb); } else { mrep.virtualMods= 0; |