aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/lib/modules/im/ximcp
diff options
context:
space:
mode:
Diffstat (limited to 'nx-X11/lib/modules/im/ximcp')
-rw-r--r--nx-X11/lib/modules/im/ximcp/imCallbk.c4
-rw-r--r--nx-X11/lib/modules/im/ximcp/imDefIc.c8
-rw-r--r--nx-X11/lib/modules/im/ximcp/imDefIm.c37
-rw-r--r--nx-X11/lib/modules/im/ximcp/imInsClbk.c11
-rw-r--r--nx-X11/lib/modules/im/ximcp/imLcFlt.c14
-rw-r--r--nx-X11/lib/modules/im/ximcp/imLcPrs.c6
-rw-r--r--nx-X11/lib/modules/im/ximcp/imRmAttr.c52
-rw-r--r--nx-X11/lib/modules/im/ximcp/imThaiFlt.c4
-rw-r--r--nx-X11/lib/modules/im/ximcp/imTrX.c1
-rw-r--r--nx-X11/lib/modules/im/ximcp/imTrans.c1
10 files changed, 89 insertions, 49 deletions
diff --git a/nx-X11/lib/modules/im/ximcp/imCallbk.c b/nx-X11/lib/modules/im/ximcp/imCallbk.c
index ead0806c6..359d9b8ca 100644
--- a/nx-X11/lib/modules/im/ximcp/imCallbk.c
+++ b/nx-X11/lib/modules/im/ximcp/imCallbk.c
@@ -265,7 +265,7 @@ _XimGeometryCallback(Xim im,
{
XICCallback* cb = &ic->core.geometry_callback;
- /* invoke the callack
+ /* invoke the callback
*/
if (cb && cb->callback) {
(*cb->callback)((XIC)ic, cb->client_data, (XPointer)NULL);
@@ -728,7 +728,7 @@ _XimPreeditStateNotifyCallback( Xim im, Xic ic, char* proto, int len )
{
XICCallback *cb = &ic->core.preedit_attr.state_notify_callback;
- /* invoke the callack
+ /* invoke the callback
*/
if( cb && cb->callback ) {
XIMPreeditStateNotifyCallbackStruct cbrec;
diff --git a/nx-X11/lib/modules/im/ximcp/imDefIc.c b/nx-X11/lib/modules/im/ximcp/imDefIc.c
index 30c2d0136..d552aa9e7 100644
--- a/nx-X11/lib/modules/im/ximcp/imDefIc.c
+++ b/nx-X11/lib/modules/im/ximcp/imDefIc.c
@@ -350,7 +350,7 @@ _XimProtoGetICValues(
+ sizeof(INT16)
+ XIM_PAD(2 + buf_size);
- if (!(buf = Xmalloc(buf_size)))
+ if (!(buf = Xcalloc(buf_size, 1)))
return arg->name;
buf_s = (CARD16 *)&buf[XIM_HEADER_SIZE];
@@ -708,6 +708,7 @@ _XimProtoSetICValues(
#endif /* XIM_CONNECTABLE */
_XimGetCurrentICValues(ic, &ic_values);
+ memset(tmp_buf, 0, sizeof(tmp_buf32));
buf = tmp_buf;
buf_size = XIM_HEADER_SIZE
+ sizeof(CARD16) + sizeof(CARD16) + sizeof(INT16) + sizeof(CARD16);
@@ -730,7 +731,7 @@ _XimProtoSetICValues(
buf_size += ret_len;
if (buf == tmp_buf) {
- if (!(tmp = Xmalloc(buf_size + data_len))) {
+ if (!(tmp = Xcalloc(buf_size + data_len, 1))) {
return tmp_name;
}
memcpy(tmp, buf, buf_size);
@@ -740,6 +741,7 @@ _XimProtoSetICValues(
Xfree(buf);
return tmp_name;
}
+ memset(&tmp[buf_size], 0, data_len);
buf = tmp;
}
}
@@ -867,6 +869,7 @@ _XimProtoICFree(
}
#endif /* XIM_CONNECTABLE */
+
Xfree(ic->private.proto.saved_icvalues);
ic->private.proto.saved_icvalues = NULL;
@@ -878,6 +881,7 @@ _XimProtoICFree(
Xfree(ic->core.hotkey);
ic->core.hotkey = NULL;
+
return;
}
diff --git a/nx-X11/lib/modules/im/ximcp/imDefIm.c b/nx-X11/lib/modules/im/ximcp/imDefIm.c
index 2a1ccb4ec..14da20bc4 100644
--- a/nx-X11/lib/modules/im/ximcp/imDefIm.c
+++ b/nx-X11/lib/modules/im/ximcp/imDefIm.c
@@ -62,6 +62,7 @@ PERFORMANCE OF THIS SOFTWARE.
#include "XimTrInt.h"
#include "Ximint.h"
+#include <limits.h>
int
_XimCheckDataSize(
@@ -330,9 +331,7 @@ _XimPreConnectionIM(
else
goto Error;
}
- if( (locale_name[3] = Xmalloc(llen+1)) != NULL )
- strcpy( locale_name[3], language );
- else
+ if( (locale_name[3] = strdup(language)) == NULL )
goto Error;
if((locales = XInternAtom(display, XIM_LOCALES, True)) == (Atom)None)
goto Error;
@@ -809,12 +808,16 @@ _XimOpen(
int buf_size;
int ret_code;
char *locale_name;
+ size_t locale_len;
locale_name = im->private.proto.locale_name;
- len = strlen(locale_name);
- buf_b[0] = (BYTE)len; /* length of locale name */
- (void)strcpy((char *)&buf_b[1], locale_name); /* locale name */
- len += sizeof(BYTE); /* sizeof length */
+ locale_len = strlen(locale_name);
+ if (locale_len > UCHAR_MAX)
+ return False;
+ memset(buf32, 0, sizeof(buf32));
+ buf_b[0] = (BYTE)locale_len; /* length of locale name */
+ memcpy(&buf_b[1], locale_name, locale_len); /* locale name */
+ len = (INT16)(locale_len + sizeof(BYTE)); /* sizeof length */
XIM_SET_PAD(buf_b, len); /* pad */
_XimSetHeader((XPointer)buf, XIM_OPEN, 0, &len);
@@ -871,7 +874,7 @@ _XimOpen(
_XimSetIMMode(im->private.proto.im_inner_resources,
im->private.proto.im_num_inner_resources);
- /* Transport Callbak */
+ /* Transport Callback */
_XimRegProtoIntrCallback(im, XIM_SET_EVENT_MASK, 0,
_XimSetEventMaskCallback, (XPointer)im);
_XimRegProtoIntrCallback(im, XIM_FORWARD_EVENT, 0,
@@ -1289,6 +1292,7 @@ _XimProtoSetIMValues(
#endif /* XIM_CONNECTABLE */
_XimGetCurrentIMValues(im, &im_values);
+ memset(tmp_buf, 0, sizeof(tmp_buf32));
buf = tmp_buf;
buf_size = XIM_HEADER_SIZE + sizeof(CARD16) + sizeof(INT16);
data_len = BUFSIZE - buf_size;
@@ -1299,8 +1303,6 @@ _XimProtoSetIMValues(
if ((name = _XimEncodeIMATTRIBUTE(im, im->core.im_resources,
im->core.im_num_resources, arg, &arg_ret, data, data_len,
&ret_len, (XPointer)&im_values, XIM_SETIMVALUES))) {
- if (buf != tmp_buf)
- Xfree(buf);
break;
}
@@ -1311,7 +1313,7 @@ _XimProtoSetIMValues(
buf_size += ret_len;
if (buf == tmp_buf) {
- if (!(tmp = Xmalloc(buf_size + data_len))) {
+ if (!(tmp = Xcalloc(buf_size + data_len, 1))) {
return arg->name;
}
memcpy(tmp, buf, buf_size);
@@ -1321,6 +1323,7 @@ _XimProtoSetIMValues(
Xfree(buf);
return arg->name;
}
+ memset(&tmp[buf_size], 0, data_len);
buf = tmp;
}
}
@@ -1462,7 +1465,7 @@ _XimProtoGetIMValues(
+ sizeof(INT16)
+ XIM_PAD(buf_size);
- if (!(buf = Xmalloc(buf_size)))
+ if (!(buf = Xcalloc(buf_size, 1)))
return arg->name;
buf_s = (CARD16 *)&buf[XIM_HEADER_SIZE];
@@ -1562,10 +1565,10 @@ _XimSetEncodingByName(
*buf = (char *)ret;
ret[0] = (BYTE)encoding_len;
- (void)strncpy((char *)&ret[1], encoding, encoding_len);
+ memcpy(&ret[1], encoding, encoding_len);
ret += (encoding_len + sizeof(BYTE));
ret[0] = (BYTE)compound_len;
- (void)strncpy((char *)&ret[1], "COMPOUND_TEXT", compound_len);
+ memcpy(&ret[1], "COMPOUND_TEXT", compound_len);
return True;
}
@@ -1724,7 +1727,7 @@ _XimEncodingNegotiation(
+ sizeof(CARD16)
+ detail_len;
- if (!(buf = Xmalloc(XIM_HEADER_SIZE + len)))
+ if (!(buf = Xcalloc(XIM_HEADER_SIZE + len, 1)))
goto free_detail_ptr;
buf_s = (CARD16 *)&buf[XIM_HEADER_SIZE];
@@ -1820,6 +1823,7 @@ _XimSendSavedIMValues(
int ret_code;
_XimGetCurrentIMValues(im, &im_values);
+ memset(tmp_buf, 0, sizeof(tmp_buf32));
buf = tmp_buf;
buf_size = XIM_HEADER_SIZE + sizeof(CARD16) + sizeof(INT16);
data_len = BUFSIZE - buf_size;
@@ -1842,7 +1846,7 @@ _XimSendSavedIMValues(
buf_size += ret_len;
if (buf == tmp_buf) {
- if (!(tmp = Xmalloc(buf_size + data_len))) {
+ if (!(tmp = Xcalloc(buf_size + data_len, 1))) {
return False;
}
memcpy(tmp, buf, buf_size);
@@ -1852,6 +1856,7 @@ _XimSendSavedIMValues(
Xfree(buf);
return False;
}
+ memset(&tmp[buf_size], 0, data_len);
buf = tmp;
}
}
diff --git a/nx-X11/lib/modules/im/ximcp/imInsClbk.c b/nx-X11/lib/modules/im/ximcp/imInsClbk.c
index 214e0a9af..62f157f1d 100644
--- a/nx-X11/lib/modules/im/ximcp/imInsClbk.c
+++ b/nx-X11/lib/modules/im/ximcp/imInsClbk.c
@@ -162,6 +162,7 @@ _XimRegisterIMInstantiateCallback(
{
XimInstCallback icb, tmp;
XIM xim;
+ char *modifiers = NULL;
Window root;
XWindowAttributes attr;
@@ -171,11 +172,18 @@ _XimRegisterIMInstantiateCallback(
icb = Xmalloc(sizeof(XimInstCallbackRec));
if( !icb )
return( False );
+ if (lcd->core->modifiers) {
+ modifiers = strdup(lcd->core->modifiers);
+ if (!modifiers) {
+ Xfree(icb);
+ return( False );
+ }
+ }
icb->call = icb->destroy = False;
icb->display = display;
icb->lcd = lcd;
MakeLocale( lcd, icb->name );
- icb->modifiers = lcd->core->modifiers; /* XXXXX */
+ icb->modifiers = modifiers;
icb->rdb = rdb;
icb->res_name = res_name;
icb->res_class = res_class;
@@ -258,6 +266,7 @@ _XimUnRegisterIMInstantiateCallback(
else
picb->next = icb->next;
_XCloseLC( icb->lcd );
+ XFree( icb->modifiers );
XFree( icb );
}
return( True );
diff --git a/nx-X11/lib/modules/im/ximcp/imLcFlt.c b/nx-X11/lib/modules/im/ximcp/imLcFlt.c
index 50f4c252a..0bd1e262c 100644
--- a/nx-X11/lib/modules/im/ximcp/imLcFlt.c
+++ b/nx-X11/lib/modules/im/ximcp/imLcFlt.c
@@ -47,7 +47,8 @@ _XimLocalFilter(Display *d, Window w, XEvent *ev, XPointer client_data)
unsigned currstate;
DefTree *b = ic->private.local.base.tree;
DTIndex t;
- Bool braille = False, anymodifier = False;
+ Bool anymodifier = False;
+ unsigned char braillePattern = 0;
if(ev->xkey.keycode == 0)
return (False);
@@ -67,10 +68,11 @@ _XimLocalFilter(Display *d, Window w, XEvent *ev, XPointer client_data)
}
ic->private.local.brl_pressed &= ~(1<<(keysym-XK_braille_dot_1));
if(!ic->private.local.brl_pressed && ic->private.local.brl_committing) {
- /* Commited a braille pattern, let it go through compose tree */
+ /* Committed a braille pattern, let it go through compose tree */
keysym = XK_braille_blank | ic->private.local.brl_committing;
ev->type = KeyPress;
- braille = True;
+ braillePattern = ic->private.local.brl_committing;
+ ic->private.local.brl_committing = 0;
} else {
return(True);
}
@@ -138,16 +140,16 @@ _XimLocalFilter(Display *d, Window w, XEvent *ev, XPointer client_data)
(ev->type == KeyRelease && !anymodifier)) {
goto emit_braille;
}
- /* Error (Sequence Unmatch occured) */
+ /* Error (Sequence Unmatch occurred) */
/* initialize internal state for next key sequence */
ic->private.local.context = ((Xim)ic->core.im)->private.local.top;
return (ev->type == KeyPress);
}
emit_braille:
- if(braille) {
+ if(braillePattern) {
/* Braille pattern is not in compose tree, emit alone */
- ic->private.local.brl_committed = ic->private.local.brl_committing;
+ ic->private.local.brl_committed = braillePattern;
ic->private.local.composed = 0;
ev->xkey.keycode = 0;
_XPutBackEvent(d, ev);
diff --git a/nx-X11/lib/modules/im/ximcp/imLcPrs.c b/nx-X11/lib/modules/im/ximcp/imLcPrs.c
index fa992e5d3..d374d6ca8 100644
--- a/nx-X11/lib/modules/im/ximcp/imLcPrs.c
+++ b/nx-X11/lib/modules/im/ximcp/imLcPrs.c
@@ -501,7 +501,7 @@ parseline(
if ((filename = TransFileName(im, tokenbuf)) == NULL)
goto error;
infp = _XFopenFile(filename, "r");
- Xfree(filename);
+ Xfree(filename);
if (infp == NULL)
goto error;
parsestringfile(infp, im, depth);
@@ -676,8 +676,10 @@ parseline(
goto error;
b->tree = new;
b->treesize = newsize;
+ /* Re-derive top after realloc() to avoid undefined behaviour
+ (and crashes on architectures that track pointer bounds). */
if (top >= (DTIndex *) old && top < (DTIndex *) &old[oldsize])
- top = (DTIndex *) (((char *) top) + (((char *)b->tree)-(char *)old));
+ top = (DTIndex *) (((char *)new) + (((char *)top)-(char *)old));
}
p = &b->tree[b->treeused];
p->keysym = buf[i].keysym;
diff --git a/nx-X11/lib/modules/im/ximcp/imRmAttr.c b/nx-X11/lib/modules/im/ximcp/imRmAttr.c
index 9d4e46258..709e64ab5 100644
--- a/nx-X11/lib/modules/im/ximcp/imRmAttr.c
+++ b/nx-X11/lib/modules/im/ximcp/imRmAttr.c
@@ -29,6 +29,8 @@ PERFORMANCE OF THIS SOFTWARE.
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
+#include <limits.h>
+
#include "Xlibint.h"
#include "Xlcint.h"
#include "Ximint.h"
@@ -214,7 +216,7 @@ _XimAttributeToValue(
Xic ic,
XIMResourceList res,
CARD16 *data,
- INT16 data_len,
+ CARD16 data_len,
XPointer value,
BITMASK32 mode)
{
@@ -250,18 +252,24 @@ _XimAttributeToValue(
case XimType_XIMStyles:
{
- INT16 num = data[0];
+ CARD16 num = data[0];
register CARD32 *style_list = (CARD32 *)&data[2];
XIMStyle *style;
XIMStyles *rep;
register int i;
char *p;
- int alloc_len;
+ unsigned int alloc_len;
if (!(value))
return False;
+ if (num > (USHRT_MAX / sizeof(XIMStyle)))
+ return False;
+ if ((2 * sizeof(CARD16) + (num * sizeof(CARD32))) > data_len)
+ return False;
alloc_len = sizeof(XIMStyles) + sizeof(XIMStyle) * num;
+ if (alloc_len < sizeof(XIMStyles))
+ return False;
if (!(p = Xmalloc(alloc_len)))
return False;
@@ -313,7 +321,7 @@ _XimAttributeToValue(
case XimType_XFontSet:
{
- INT16 len = data[0];
+ CARD16 len = data[0];
char *base_name;
XFontSet rep = (XFontSet)NULL;
char **missing_list = NULL;
@@ -324,11 +332,12 @@ _XimAttributeToValue(
return False;
if (!ic)
return False;
-
+ if (len > data_len)
+ return False;
if (!(base_name = Xmalloc(len + 1)))
return False;
- (void)strncpy(base_name, (char *)&data[1], (int)len);
+ (void)strncpy(base_name, (char *)&data[1], (size_t)len);
base_name[len] = '\0';
if (mode & XIM_PREEDIT_ATTR) {
@@ -357,19 +366,25 @@ _XimAttributeToValue(
case XimType_XIMHotKeyTriggers:
{
- INT32 num = *((CARD32 *)data);
+ CARD32 num = *((CARD32 *)data);
register CARD32 *key_list = (CARD32 *)&data[2];
XIMHotKeyTrigger *key;
XIMHotKeyTriggers *rep;
register int i;
char *p;
- int alloc_len;
+ unsigned int alloc_len;
if (!(value))
return False;
+ if (num > (UINT_MAX / sizeof(XIMHotKeyTrigger)))
+ return False;
+ if ((2 * sizeof(CARD16) + (num * 3 * sizeof(CARD32))) > data_len)
+ return False;
alloc_len = sizeof(XIMHotKeyTriggers)
+ sizeof(XIMHotKeyTrigger) * num;
+ if (alloc_len < sizeof(XIMHotKeyTriggers))
+ return False;
if (!(p = Xmalloc(alloc_len)))
return False;
@@ -1378,13 +1393,13 @@ _XimEncodeSavedICATTRIBUTE(
static unsigned int
_XimCountNumberOfAttr(
- INT16 total,
- CARD16 *attr,
- int *names_len)
+ CARD16 total,
+ CARD16 *attr,
+ unsigned int *names_len)
{
unsigned int n;
- INT16 len;
- INT16 min_len = sizeof(CARD16) /* sizeof attribute ID */
+ CARD16 len;
+ CARD16 min_len = sizeof(CARD16) /* sizeof attribute ID */
+ sizeof(CARD16) /* sizeof type of value */
+ sizeof(INT16); /* sizeof length of attribute */
@@ -1392,6 +1407,9 @@ _XimCountNumberOfAttr(
*names_len = 0;
while (total > min_len) {
len = attr[2];
+ if (len > (total - min_len)) {
+ return 0;
+ }
*names_len += (len + 1);
len += (min_len + XIM_PAD(len + 2));
total -= len;
@@ -1406,17 +1424,15 @@ _XimGetAttributeID(
Xim im,
CARD16 *buf)
{
- unsigned int n;
+ unsigned int n, names_len, values_len;
XIMResourceList res;
char *names;
- int names_len;
XPointer tmp;
XIMValuesList *values_list;
char **values;
- int values_len;
register int i;
- INT16 len;
- INT16 min_len = sizeof(CARD16) /* sizeof attribute ID */
+ CARD16 len;
+ CARD16 min_len = sizeof(CARD16) /* sizeof attribute ID */
+ sizeof(CARD16) /* sizeof type of value */
+ sizeof(INT16); /* sizeof length of attr */
/*
diff --git a/nx-X11/lib/modules/im/ximcp/imThaiFlt.c b/nx-X11/lib/modules/im/ximcp/imThaiFlt.c
index 401bd9a08..1314588b4 100644
--- a/nx-X11/lib/modules/im/ximcp/imThaiFlt.c
+++ b/nx-X11/lib/modules/im/ximcp/imThaiFlt.c
@@ -129,7 +129,7 @@ char const tactis_chtype[TACTIS_CHARS] = {
static
char const write_rules_lookup[CH_CLASSES][CH_CLASSES] = {
- /* Table 0: writing/outputing rules */
+ /* Table 0: writing/outputting rules */
/* row: leading char, column: following char */
/* CTRL NON CONS LV FV1 FV2 FV3 BV1 BV2 BD TONE AD1 AD2 AD3 AV1 AV2 AV3 */
{XC, NC, NC, NC, NC, NC, NC, NC, NC, NC, NC, NC, NC, NC, NC, NC, NC}/*CTRL*/
@@ -821,7 +821,7 @@ XThaiTranslateKey(
* 4 of the keymap.
* Since we don't know whether ThaiCat keyboard or WTT keyboard is
* in use, the same mapping is done for all Thai input.
- * We just arbitary choose to use column 3 keysyms as the indices of
+ * We just arbitrarily choose to use column 3 keysyms as the indices of
* this mapping.
* When the control key is also hold, this mapping has no effect.
*/
diff --git a/nx-X11/lib/modules/im/ximcp/imTrX.c b/nx-X11/lib/modules/im/ximcp/imTrX.c
index 148b7fc90..be7118c6f 100644
--- a/nx-X11/lib/modules/im/ximcp/imTrX.c
+++ b/nx-X11/lib/modules/im/ximcp/imTrX.c
@@ -93,6 +93,7 @@ _XimXFreeIntrCallback(
Xfree(rec);
rec = next;
}
+ spec->intr_cb = NULL;
return;
}
diff --git a/nx-X11/lib/modules/im/ximcp/imTrans.c b/nx-X11/lib/modules/im/ximcp/imTrans.c
index 7f936cff6..212a1238f 100644
--- a/nx-X11/lib/modules/im/ximcp/imTrans.c
+++ b/nx-X11/lib/modules/im/ximcp/imTrans.c
@@ -176,6 +176,7 @@ _XimFreeTransIntrCallback(
Xfree(rec);
rec = next;
}
+ spec->intr_cb = NULL;
return;
}