xkb: Allocate size_syms correctly when width of a type increases

The current code seems to skip syms with width less than
type->num_levels when calculating the total size for the new
size_syms. This leads to less space being allocated than necessary
during the next phase, which is to copy over the syms to the new
location. This results in an overflow leading to a crash.

(cherry picked from xorg/xserver@42ae2e8199)

Signed-off-by: Siddhesh Poyarekar <siddhesh.poyarekar@gmail.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/279>
Siddhesh Poyarekar 2012-05-29 10:17:50 +05:30 committed by Alan Coopersmith
parent 158be3ebd7
commit 48a1335cab

@ -436,8 +436,10 @@ XkbResizeKeyType(XkbDescPtr xkb,
nResize = 0;
for (nTotal = 1, i = xkb->min_key_code; i <= xkb->max_key_code; i++) {
width = XkbKeyGroupsWidth(xkb, i);
if (width < type->num_levels)
if (width < type->num_levels || width >= new_num_lvls) {
nTotal += XkbKeyNumSyms(xkb,i);
continue;
}
for (match = 0, g = XkbKeyNumGroups(xkb, i) - 1;
(g >= 0) && (!match); g--) {
if (XkbKeyKeyTypeIndex(xkb, i, g) == type_ndx) {
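
Review bot: The widened condition "width < type->num_levels || width >= new_num_lvls" moves the width >= new_num_lvls test ahead of the match loop, so keys that are already that wide now hit continue and never reach the XkbKeyKeyTypeIndex comparison; before, that test only affected the nTotal accounting after the loop. The commit message describes only the undercount for width < type->num_levels, so please state in the message or in a comment above this branch that skipping the loop for wide keys is intended. A one-line comment on the added nTotal line would also help (every skipped key's existing syms still have to be counted, because this total sizes the buffer the later copy writes into), and "XkbKeyNumSyms(xkb,i)" should have a space after the comma to match "XkbKeyNumSyms(xkb, i)" a few lines further down.
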
@ -445,7 +447,7 @@ XkbResizeKeyType(XkbDescPtr xkb,
match = 1;
}
}
if ((!match) || (width >= new_num_lvls))
if (!match)
nTotal += XkbKeyNumSyms(xkb, i);
else {
nTotal += XkbKeyNumGroups(xkb, i) * new_num_lvls;
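
Review bot: With the condition reduced to "if (!match)", the else branch that sizes a key as XkbKeyNumGroups(xkb, i) * new_num_lvls is correct only because the earlier continue has already filtered out keys with width >= new_num_lvls, and nothing at this point says so. Since an undercount in this total is what produced the overflow described in the commit message, I would add a comment at the else noting that width < new_num_lvls holds here, and confirm that the copy phase (outside this hunk) selects keys with the same predicate so the sizing pass and the copy pass cannot drift apart again.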