aboutsummaryrefslogtreecommitdiff
path: root/libXinerama/src/Xinerama.c
diff options
context:
space:
mode:
Diffstat (limited to 'libXinerama/src/Xinerama.c')
-rw-r--r--libXinerama/src/Xinerama.c61
1 files changed, 45 insertions, 16 deletions
diff --git a/libXinerama/src/Xinerama.c b/libXinerama/src/Xinerama.c
index 7d7e4d856..67a35b578 100644
--- a/libXinerama/src/Xinerama.c
+++ b/libXinerama/src/Xinerama.c
@@ -23,6 +23,10 @@ dealings in this Software without prior written authorization from Digital
Equipment Corporation.
******************************************************************/
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
#include <X11/Xlibint.h>
#include <X11/Xutil.h>
#include <X11/extensions/Xext.h>
@@ -31,6 +35,19 @@ Equipment Corporation.
#include <X11/extensions/panoramiXproto.h>
#include <X11/extensions/Xinerama.h>
+#ifndef HAVE__XEATDATAWORDS
+#include <X11/Xmd.h> /* for LONG64 on 64-bit platforms */
+#include <limits.h>
+
+static inline void _XEatDataWords(Display *dpy, unsigned long n)
+{
+# ifndef LONG64
+ if (n >= (ULONG_MAX >> 2))
+ _XIOError(dpy);
+# endif
+ _XEatData (dpy, n << 2);
+}
+#endif
static XExtensionInfo _panoramiX_ext_info_data;
static XExtensionInfo *panoramiX_ext_info = &_panoramiX_ext_info_data;
@@ -286,24 +303,36 @@ XineramaQueryScreens(
return NULL;
}
- if(rep.number) {
- if((scrnInfo = Xmalloc(sizeof(XineramaScreenInfo) * rep.number))) {
+ /*
+ * rep.number is a CARD32 so could be as large as 2^32
+ * The X11 protocol limits the total screen size to 64k x 64k,
+ * and no screen can be smaller than a pixel. While technically
+ * that means we could theoretically reach 2^32 screens, and that's
+ * not even taking overlap into account, Xorg is currently limited
+ * to 16 screens, and few known servers have a much higher limit,
+ * so 1024 seems more than enough to prevent both integer overflow
+ * and insane X server responses causing massive memory allocation.
+ */
+ if ((rep.number > 0) && (rep.number <= 1024))
+ scrnInfo = Xmalloc(sizeof(XineramaScreenInfo) * rep.number);
+ if (scrnInfo != NULL) {
+ int i;
+
+ for (i = 0; i < rep.number; i++) {
xXineramaScreenInfo scratch;
- int i;
-
- for(i = 0; i < rep.number; i++) {
- _XRead(dpy, (char*)(&scratch), sz_XineramaScreenInfo);
- scrnInfo[i].screen_number = i;
- scrnInfo[i].x_org = scratch.x_org;
- scrnInfo[i].y_org = scratch.y_org;
- scrnInfo[i].width = scratch.width;
- scrnInfo[i].height = scratch.height;
- }
-
- *number = rep.number;
- } else
- _XEatData(dpy, rep.length << 2);
+
+ _XRead(dpy, (char*)(&scratch), sz_XineramaScreenInfo);
+
+ scrnInfo[i].screen_number = i;
+ scrnInfo[i].x_org = scratch.x_org;
+ scrnInfo[i].y_org = scratch.y_org;
+ scrnInfo[i].width = scratch.width;
+ scrnInfo[i].height = scratch.height;
+ }
+
+ *number = rep.number;
} else {
+ _XEatDataWords(dpy, rep.length);
*number = 0;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-19 09:42:26 +0000