Left behind when 15e5eaf628 removed support for building without XCB.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>
Flagged by cppcheck 1.62:
[lib/libX11/src/xkb/XKBGeom.c:479] -> [lib/libX11/src/xkb/XKBGeom.c:480]:
(warning) Possible null pointer dereference: row - otherwise it is
redundant to check it against null.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
clear & selectAll are set to 0 already a few lines earlier,
affectWhich is set to XkbMapNotifyMask a few lines later.
None are used between the other assignments and the removed ones.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
C89 or bust! This was documented as being needed for "only Lynx,
Linux-libc5, OS/2" and has never been enabled in modular builds,
since none of those platforms have had anyone step up to add support
since the X11R7 conversion to autotools.
Mostly performed with unifdef -UX_LOCALE, followed by removal of files
left without any purpose, and manual cleanup of remaining references.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
The field2 helper function, to split lines from Xcms.txt files into
two tab delimited fields, contained a check:
    if ((*pBuf != '\n') || (*pBuf != '\0')) {
        return(XcmsFailure);
which would cause it to return failure unless *pBuf had a value that
was simultaneously equal to both \n & \0, and no one wants to live in
a world where that could ever be true.
This has gone unnoticed since 1991, since this only caused lines
in Xcms.txt that started with whitespace to be rejected, but now
gcc -Wlogicalop has brought it to our attention, and
https://bugs.freedesktop.org/show_bug.cgi?id=70803 was filed.
Now that we see it, and cannot unsee it, we change it to use the
same logic as the check at other points in this function, to return
failure only if we hit \n or \0 before we find the first non-whitespace
character, so that lines starting with whitespace will have the space
skipped over to get to the color name to be defined.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Dan Nicholson <dbn.lists@gmail.com>
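The always-true check described in the message above, shown beside the intended one. This is an added example, not code from the commit or from libX11: split_fields() and parse_sample() are hypothetical simplified stand-ins for the field2 helper, and the sample line is constructed.

```c
#include <stdio.h>
#include <string.h>

/* The check as written in 1991: no byte is both '\n' and '\0', so always 1. */
static int eol_buggy(char c) { return (c != '\n') || (c != '\0'); }
/* The intended test: 1 only at end of line or end of string. */
static int eol_fixed(char c) { return (c == '\n') || (c == '\0'); }

/* Hypothetical simplified splitter, not libX11's field2(): skips leading
 * whitespace, then splits "name<TAB>value" in place. Returns 1 on success. */
static int split_fields(char *p, int buggy, char **name, char **value)
{
    int skipped = 0;
    while (*p == ' ' || *p == '\t') { p++; skipped = 1; }
    if (skipped && buggy && eol_buggy(*p))
        return 0;                       /* old behaviour: always taken */
    *name = p;
    while (*p != '\t') {
        if (eol_fixed(*p))
            return 0;                   /* blank line or no delimiter */
        p++;
    }
    *p++ = '\0';
    while (*p == ' ' || *p == '\t') p++;
    if (eol_fixed(*p))
        return 0;                       /* empty second field */
    *value = p;
    p[strcspn(p, "\n")] = '\0';
    return 1;
}

/* Splits a copy of a constructed sample line; returns "name=value" or NULL. */
static const char *parse_sample(const char *line, int buggy)
{
    static char out[256];
    char buf[128], *name, *value;
    snprintf(buf, sizeof(buf), "%s", line);
    if (!split_fields(buf, buggy, &name, &value))
        return NULL;
    snprintf(out, sizeof(out), "%s=%s", name, value);
    return out;
}

int main(void)
{
    const char *line = "  red\tRGBi:1.0/0.0/0.0\n";   /* constructed sample */
    printf("old check accepts: %d\n", parse_sample(line, 1) != NULL);
    printf("new check accepts: %d\n", parse_sample(line, 0) != NULL);
    return 0;
}
```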
It's the only thing built in that directory, so we can use AM_CFLAGS
and AM_CPPFLAGS as usual.
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
Leftover from when these XKB files were shared with the server sources
and could be compiled in either the client or server, with the different
autoconf config files in each.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
We were checking to make sure that the largest keysym value was within
the range of the allocated buffer, but checking against different limits
in the not-yet-allocated vs. the already-allocated branches.
The check should be the same in both, and reflect the size used for the
allocation, which is based on the maximum key code value, so we move it
to be a common check, before we branch, instead of duplicating in each
branch.
map->key_sym_map is an array of XkbSymMapRec structs, [0..max_key_code]
map->syms is the array for which num_syms is recorded, hence is not the
right value to check for ensuring our key_sym_map accesses are in range.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reported-by: Barry Kauler <bkauler@gmail.com>
Tested-by: Barry Kauler <bkauler@gmail.com>
I can find no record of what this file was for. Neither the X11R6.8.2
monolith Imakefile nor any modular release Makefile.am have ever built
it and nothing else references it.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Left one cast behind that is necessary to change from const char *
to char * in src/xlibi18n/lcCharSet.c.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
sizeof() returns size_t, malloc() & calloc() expect sizes in size_t,
don't strip down to unsigned int and re-expand unnecessarily.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
The array is defined as having NUM_LOCALEDIR entries, so use that
instead of hardcoded 256 value (the other two calls already did this).
Reported by parfait:
Buffer overflow (CWE 120): In pointer dereference of argv[argc] with index argc
Pointer size is 64 elements (of 8 bytes each), index is 255
at line 82 of src/xlibi18n/lcFile.c in function 'parse_line'.
called at line 178 in function '_XlcParsePath' with argv = argv.
called at line 722 in function '_XlcLocaleLibDirName' with argv = args, argsize = 256.
at line 82 of src/xlibi18n/lcFile.c in function 'parse_line'.
called at line 178 in function '_XlcParsePath' with argv = argv.
called at line 638 in function '_XlcLocaleDirName' with argv = args, argsize = 256.
[ This bug was found by the Parfait 1.2.0 bug checking tool.
http://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13 ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Add const qualifiers to casts where needed, remove other casts that
are no longer needed.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Instead of reusing the input parameter to store the output, make a
result variable instead, so that there's less const confusion.
Fixes gcc warnings:
lcWrap.c: In function 'XSetLocaleModifiers':
lcWrap.c:87:18: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
lcWrap.c:91:25: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
lcWrap.c:93:12: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Makes code considerably less crufty and clears gcc warnings:
XlcDL.c: In function '_XlcDynamicLoad':
XlcDL.c:384:44: warning: cast discards '__attribute__((const))' qualifier
from pointer target type [-Wcast-qual]
XlcDL.c:386:51: warning: cast discards '__attribute__((const))' qualifier
from pointer target type [-Wcast-qual]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Strings from the supported_charset_list[] were being copied one by
one to a stack buffer, and then strdup called on that buffer.
Instead, just strdup the original string, without the local copy,
and use a more traditional for loop, so it's easier to figure out
what the code is doing (cleaning up a gcc const-cast warning in
the process).
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
This function performs operations on a region, and when finished,
checks to see if it should compact the rectangle list. If the
number of rectangles for which memory is allocated in the list is
more than twice the number used, it tries to shrink. realloc()
should not fail in this case, but if it does, might as well keep
the correct value for the number of allocated rectangles, so we
don't try to grow it unnecessarily later if adding to the region.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Zero out the region size when freeing the region so callers don't think
there's anything there. (Pointer is already set to NULL from the realloc
result itself.) Return 0 to the callers, and have them cascade that back
to their callers to indicate failure, instead of their usual return value
of 1 on success.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Previously, if realloc failed to increase the size, we'd still
record that we had allocated the larger size, but the pointer
to it would be NULL, causing future calls to be broken, and the
previous allocation to be lost/leaked.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
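The failure mode described in the message above, reproduced with a simulated allocation failure. This is an added example, not code from the commit or from libX11: the Region and Box types, try_realloc() and both grow functions are hypothetical models of the pattern.

```c
#include <stdio.h>
#include <stdlib.h>
typedef struct { short x1, y1, x2, y2; } Box;
/* Hypothetical stand-in for a region: allocated slot count plus the array. */
typedef struct { size_t size; Box *rects; } Region;

/* Demo hook: makes the next resize fail the way an out-of-memory realloc does. */
static int fail_next;
static void *try_realloc(void *p, size_t n)
{
    if (fail_next) { fail_next = 0; return NULL; }
    return realloc(p, n);
}

/* Pattern the message describes: size and pointer are overwritten first. */
static int grow_unchecked(Region *r)
{
    r->size *= 2;
    r->rects = try_realloc(r->rects, r->size * sizeof(Box));
    return r->rects != NULL;
}

/* Checked pattern: commit the new pointer and size only on success. */
static int grow_checked(Region *r)
{
    Box *tmp = try_realloc(r->rects, 2 * r->size * sizeof(Box));
    if (tmp == NULL) return 0;   /* old block and old size are still valid */
    r->rects = tmp;
    r->size *= 2;
    return 1;
}

/* Forces one failed grow; returns 1 if the region is still usable after it. */
static int usable_after_failure(int (*grow)(Region *))
{
    Region r = { 4, malloc(4 * sizeof(Box)) };
    Box *orig = r.rects;
    int usable;
    fail_next = 1;
    usable = !grow(&r) && r.rects == orig && r.size == 4;
    free(orig);     /* the simulated failure never released the old block */
    return usable;
}

int main(void)
{
    printf("unchecked=%d\n", usable_after_failure(grow_unchecked));
    printf("checked=%d\n", usable_after_failure(grow_checked));
    return 0;
}
```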
Previous code seemed to assume that printf("%s", NULL) would result
in a 0-length string, not "(null)" or similar, but since there's no
point looking for files in "(null)/filepath...", instead we just
skip over NULL entries in search paths when generating file names.
In the *DirName() functions, this effectively just moves the "bail on
NULL in arg[i]" check up from the later code that assigned it to targetdir
and then bailed if that was NULL.
Not sure how there ever could be a NULL in arg[i], given the current
implementation of XlcParsePath, but it's easy enough to check once and
reject up front instead of on every reference.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
File Leak: Leaked File fp
at line 219 of lib/libX11/src/xlibi18n/XlcDL.c in function 'resolve_object'.
fp initialized at line 198 with fopen
[ This bug was found by the Parfait 1.2.0 bug checking tool.
http://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13 ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
On the Xlib side, the only real difference is the mode flag we send
to the server with the address, so just make that an argument to the
function with the common code for packing the address into the request.
(Aside from labels, gcc 4.7.2 generates identical code before & after
this change due to inlining, verified via diff of gcc -S output.)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Handle arbitrary length data in the same fashion as other calls,
avoiding need to ensure it fits all in the request buffer.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
This fixes the two callers of GetReqExtra to check that "req" is non-NULL
to avoid crashing now that GetReqExtra does internal bounds-checking on
the resulting buffer sizes.
Additionally updates comment describing return values to use names
instead of only literal values.
Signed-off-by: Kees Cook <kees@outflux.net>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Two users of GetReqExtra pass arbitrarily sized allocations from the
caller (ModMap and Host). Adjust _XGetRequest() (called by the GetReqExtra
macro) to double-check the requested length and invalidate "req" when
this happens. Users of GetReqExtra passing lengths greater than the Xlib
buffer size (normally 16K) must check "req" and fail gracefully instead
of crashing.
Any callers of GetReqExtra that do not check "req" for NULL
will experience this change, in the pathological case, as a NULL
dereference instead of a buffer overflow. This is an improvement, but
the documentation for GetReqExtra has been updated to reflect the need
to check the value of "req" after the call.
Bug that manifested the problem:
https://bugs.launchpad.net/ubuntu/+source/x11-xserver-utils/+bug/792628
Signed-off-by: Kees Cook <kees@outflux.net>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
[For all of these, LONG_MAX was the correct value to prevent overflows
for the recent CVEs. Lowering to INT_MAX catches buggy replies from
the server that 32-bit clients would reject but 64-bit would accept,
so we catch bugs sooner, and really, no sane & working server should
ever report more than 2gb of extension names, font path entries,
key modifier maps, etc. -alan- ]
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
clang complained (correctly):
warning: comparison of constant 768614336404564650 with expression
of type 'CARD32' (aka 'unsigned int') is always true
[-Wtautological-constant-out-of-range-compare]
[While LONG_MAX is correct, since it's used in size_t math, the
numbers have to be limited to 32-bit range to be usable by 32-bit
clients, and values beyond that range are far more likely to be
bugs in the data from the server than valid numbers of characters
in a font. -alan- ]
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
The size of the arrays is max_key_code + 1. This makes these functions
consistent with the other checks added for CVE-2013-1997.
Also check the XkbGetNames reply when names->keys was just allocated.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Tested-by: Colin Walters <walters@verbum.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Fixes builds with Solaris Studio 12.3 when lint is enabled, since it no
longer ignores *.h files, but complains when they reference undefined
typedefs or macros.
Signed-off-by: Niveditha Rau <Niveditha.Rau@Oracle.COM>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Freeing a pointer that wasn't returned by malloc() is undefined
behavior and produces an error with OpenBSD's implementation.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Various other bounds checks in the code assume this is true, so
enforce it when we first get the data from the X server.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Prevents trying to free uninitialized pointers if we have to bail out
partway through setup, such as if we receive a corrupted or incomplete
connection setup block from the server.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Avoids memory corruption and other errors when callers access them
without checking to see if XGetWindowProperty() returned an error value.
Callers are still required to check for errors, this just reduces the
damage when they don't.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Ensure that when breaking the returned list into individual strings,
we don't walk past the end of allocated memory to write the '\0' bytes.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Ensure that when breaking the returned list into individual strings,
we don't walk past the end of allocated memory to write the '\0' bytes.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
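A bounds-checked in-place split of the kind the two messages above describe, assuming the list arrives as length-prefixed strings (one length byte followed by the text). This is an added example, not code from either commit: split_counted(), split_sample() and the reply bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAMES 8
static unsigned char storage[64 + 1];   /* one spare byte for the last '\0' */
static char *names[MAX_NAMES];

/* Splits count length-prefixed strings held in buf[0..len) in place; buf must
 * have len + 1 bytes. Entries that would pass the end become NULL. */
static int split_counted(unsigned char *buf, size_t len, int count, char **list)
{
    unsigned char *ch = buf, *end = buf + len;
    size_t length = len ? *ch : 0;
    int i, valid = 0;

    for (i = 0; i < count; i++) {
        if (length < (size_t)(end - ch)) {  /* length byte and text both fit */
            list[i] = (char *)ch + 1;
            ch += length + 1;               /* next length byte, or end */
            length = (ch < end) ? *ch : 0;
            *ch = '\0';                     /* terminates the previous string */
            valid++;
        } else {
            list[i] = NULL;                 /* '\0' would land out of bounds */
        }
    }
    return valid;
}

/* Copies a constructed reply body into storage and splits it into names[]. */
static int split_sample(const char *wire, size_t len, int count)
{
    if (len > sizeof(storage) - 1 || count < 0 || count > MAX_NAMES)
        return -1;
    memcpy(storage, wire, len);
    return split_counted(storage, len, count, names);
}

int main(void)
{
    /* Constructed body: "foo", then an entry claiming 9 bytes with 3 present. */
    int n = split_sample("\003foo\011hel", 8, 3);
    printf("valid=%d first=%s second=%s\n", n, names[0],
           names[1] ? names[1] : "(null)");
    return 0;
}
```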