74b4ca132f
A few not-really-an-issue fixes found by Claude: 1. ctx->buttons_down[number]: the 'number' value comes from libinput_event_tablet_pad_get_button_number() and is written into a fixed-size array of 32 elements without bounds checking. A crafted or malicious device reporting button numbers >= 32 causes a stack buffer overflow. 2. ctx->ring[number], ctx->strip[number], ctx->dial[number]: these are fixed-size arrays of 2 elements each. Ring/strip/dial numbers from libinput events are used as indices without bounds checking. Values >= 2 cause out-of-bounds writes. 3. assert()-based error handling for open() and libevdev_new_from_fd(): assert() is compiled to a no-op in release builds (NDEBUG). This means that in release builds, a failed open() returns fd=-1, and libevdev_new_from_fd() is called with an invalid fd. The result is undefined behavior. 4. Variable-length array (VLA) 'empty[termwidth]' in print_bar(): termwidth comes from an ioctl(TIOCGWINSZ) call and could be very large, causing a stack overflow. Replace with a fixed-size buffer. None of these really matter for a niche debugging tool. Co-Authored-by: Claude Code <noreply@anthropic.com> Part-of: <https://gitlab.freedesktop.org/libinput/libinput/-/merge_requests/1467> |
||
|---|---|---|
| .gitlab/issue_templates | ||
| .gitlab-ci | ||
| completion/zsh | ||
| doc | ||
| include | ||
| plugins | ||
| quirks | ||
| src | ||
| test | ||
| tools | ||
| udev | ||
| .clang-format | ||
| .clang-format-ignore | ||
| .clang-tidy | ||
| .clang-tidy-ignore | ||
| .dir-locals.el | ||
| .editorconfig | ||
| .git-blame-ignore-revs | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| .pre-commit-config.yaml | ||
| .triage-policies.yml | ||
| .vimdir | ||
| CODING_STYLE.md | ||
| CONTRIBUTING.md | ||
| COPYING | ||
| meson.build | ||
| meson_options.txt | ||
| README.md | ||
libinput
libinput is a library that provides a full input stack for display servers and other applications that need to handle input devices provided by the kernel.
libinput provides device detection, event handling and abstraction to minimize the amount of custom input code the user of libinput needs to provide the common set of functionality that users expect. Input event processing includes scaling touch coordinates, generating relative pointer events from touchpads, pointer acceleration, etc.
User documentation
Documentation explaining features available in libinput is available here.
This includes the FAQ and the instructions on reporting bugs.
Source code
The source code of libinput can be found at: https://gitlab.freedesktop.org/libinput/libinput
For a list of current and past releases visit: https://www.freedesktop.org/wiki/Software/libinput/
Build instructions: https://wayland.freedesktop.org/libinput/doc/latest/building.html
Reporting Bugs
Bugs can be filed on freedesktop.org GitLab: https://gitlab.freedesktop.org/libinput/libinput/issues/
Where possible, please provide the libinput record output
of the input device and/or the event sequence in question.
See https://wayland.freedesktop.org/libinput/doc/latest/reporting-bugs.html for more info.
Documentation
- Developer API documentation: https://wayland.freedesktop.org/libinput/doc/latest/development.html
- High-level documentation about libinput's features: https://wayland.freedesktop.org/libinput/doc/latest/features.html
- Build instructions: https://wayland.freedesktop.org/libinput/doc/latest/building.html
- Documentation for previous versions of libinput: https://wayland.freedesktop.org/libinput/doc/
Examples of how to use libinput are the debugging tools in the libinput repository. Developers are encouraged to look at those tools for a real-world (yet simple) example on how to use libinput.
- A commandline debugging tool: https://gitlab.freedesktop.org/libinput/libinput/tree/main/tools/libinput-debug-events.c
- A GTK application that draws cursor/touch/tablet positions: https://gitlab.freedesktop.org/libinput/libinput/tree/main/tools/libinput-debug-gui.c
License
libinput is licensed under the MIT license.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: [...]
See the COPYING file for the full license information.
About
Documentation generated from git commit GIT_VERSION