mirror of
https://gitlab.freedesktop.org/libinput/libinput.git
synced 2026-05-21 03:38:14 +02:00
74b4ca132f
A few not-really-an-issue fixes found by Claude: 1. ctx->buttons_down[number]: the 'number' value comes from libinput_event_tablet_pad_get_button_number() and is written into a fixed-size array of 32 elements without bounds checking. A crafted or malicious device reporting button numbers >= 32 causes a stack buffer overflow. 2. ctx->ring[number], ctx->strip[number], ctx->dial[number]: these are fixed-size arrays of 2 elements each. Ring/strip/dial numbers from libinput events are used as indices without bounds checking. Values >= 2 cause out-of-bounds writes. 3. assert()-based error handling for open() and libevdev_new_from_fd(): assert() is compiled to a no-op in release builds (NDEBUG). This means that in release builds, a failed open() returns fd=-1, and libevdev_new_from_fd() is called with an invalid fd. The result is undefined behavior. 4. Variable-length array (VLA) 'empty[termwidth]' in print_bar(): termwidth comes from an ioctl(TIOCGWINSZ) call and could be very large, causing a stack overflow. Replace with a fixed-size buffer. None of these really matter for a niche debugging tool. Co-Authored-by: Claude Code <noreply@anthropic.com> Part-of: <https://gitlab.freedesktop.org/libinput/libinput/-/merge_requests/1467> |
||
|---|---|---|
| .. | ||
| libinput-analyze-buttons.man | ||
| libinput-analyze-buttons.py | ||
| libinput-analyze-per-slot-delta.man | ||
| libinput-analyze-per-slot-delta.py | ||
| libinput-analyze-recording.man | ||
| libinput-analyze-recording.py | ||
| libinput-analyze-touch-down-state.man | ||
| libinput-analyze-touch-down-state.py | ||
| libinput-analyze.c | ||
| libinput-analyze.man | ||
| libinput-debug-events.c | ||
| libinput-debug-events.man | ||
| libinput-debug-gui.c | ||
| libinput-debug-gui.man | ||
| libinput-debug-tablet-pad.c | ||
| libinput-debug-tablet-pad.man | ||
| libinput-debug-tablet.c | ||
| libinput-debug-tablet.man | ||
| libinput-list-devices.c | ||
| libinput-list-devices.man | ||
| libinput-list-kernel-devices.man | ||
| libinput-list-kernel-devices.py | ||
| libinput-measure-fuzz.man | ||
| libinput-measure-fuzz.py | ||
| libinput-measure-touch-size.man | ||
| libinput-measure-touch-size.py | ||
| libinput-measure-touchpad-pressure.man | ||
| libinput-measure-touchpad-pressure.py | ||
| libinput-measure-touchpad-size.man | ||
| libinput-measure-touchpad-size.py | ||
| libinput-measure-touchpad-tap.man | ||
| libinput-measure-touchpad-tap.py | ||
| libinput-measure.c | ||
| libinput-measure.man | ||
| libinput-quirks.c | ||
| libinput-quirks.man | ||
| libinput-record-verify-yaml.py | ||
| libinput-record.c | ||
| libinput-record.man | ||
| libinput-replay.man | ||
| libinput-replay.py | ||
| libinput-test.c | ||
| libinput-test.man | ||
| libinput-tool.c | ||
| libinput.man | ||
| make-ptraccel-graphs.sh | ||
| ptraccel-debug.c | ||
| razer-quirks-lister.py | ||
| shared.c | ||
| shared.h | ||
| test_tool_option_parsing.py | ||