aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/programs
diff options
context:
space:
mode:
authorMihai Moldovan <ïonic@ionic.de>2016-05-27 15:52:50 +0000
committerMihai Moldovan <ïonic@ionic.de>2016-06-13 15:06:36 +0000
commit639a2c36f3a52f206d9b408ffc4580edc05f1392 (patch)
tree8c3f381f1e6bd9a18a32e0410fc4b64cbfa571d1 /nx-X11/programs
parent35613d1dcaa47fbbc6aacc95fdda16b48dd8e740 (diff)
downloadnx-libs-639a2c36f3a52f206d9b408ffc4580edc05f1392.tar.gz
nx-libs-639a2c36f3a52f206d9b408ffc4580edc05f1392.tar.bz2
nx-libs-639a2c36f3a52f206d9b408ffc4580edc05f1392.zip
nx-X11/programs/Xserver/hw/nxagent/Handlers.h: fix stack smashing related to different data type sizes between Xserver and Xlib.
While on the X server side we were expecting a 32bit value, the Xlib side in nxcompext wrote a 64bit integer to the 32bit location, hence overwriting "random" data on the stack (most notably the return adress.) We can work around this by using the Xlib-based Window data type on the server-side as well, but this problem is likely a more general one. Calling functions from libcompext in nxagent sounds like a bad idea. Other code locations might well be affected by issues alike to that as well. In order to silence compiler warnings, use a "macro hack" for overriding the "Window" type in NXlib.h.
Diffstat (limited to 'nx-X11/programs')
-rw-r--r--nx-X11/programs/Xserver/hw/nxagent/Handlers.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/nx-X11/programs/Xserver/hw/nxagent/Handlers.c b/nx-X11/programs/Xserver/hw/nxagent/Handlers.c
index cadb8e58a..1beff090b 100644
--- a/nx-X11/programs/Xserver/hw/nxagent/Handlers.c
+++ b/nx-X11/programs/Xserver/hw/nxagent/Handlers.c
@@ -32,7 +32,10 @@
#include "Screen.h"
#include "Millis.h"
+#define Window XlibWindow
#include <nx/NXlib.h>
+#undef Window
+
#include <nx/Shadow.h>
/*
@@ -956,7 +959,24 @@ void nxagentShadowWakeupHandler(void * data, int count, void * mask)
void nxagentHandleCollectInputFocusEvent(int resource)
{
- Window window;
+ /*
+ * While we don't even need window or revert_to later on, a discrepancy in
+ * data type sizes between the X server (Window being a 32bit ID) and
+ * the Xlib (Window being a 64bit ID) will lead to stack corruption here.
+ * Calling functions from nxcompext from nxagent sounds like a very bad idea
+ * to begin with, but let's assume that's necessary for now and work around
+ * the corruption issue.
+ *
+ * Even though the NXlib header shows that the function expects a Window-sized
+ * parameter, it's not the Window type as defined and used within the X.Org
+ * Server, but an Xlib type. Hence, we'll be using the "XlibWindow" type here
+ * and to avoid compiler warnings, "rewrite" the NXlib.h header file via
+ * overriding the original "Window" type with the XlibWindow type, including
+ * the header file and undefining the macro again, essentially unshadowing
+ * the original type.
+ */
+ XlibWindow window;
+
int revert_to;
if (NXGetCollectedInputFocus(nxagentDisplay, resource, &window, &revert_to) == 0)