fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2026-01-04 20:20:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
xserver/dix
History
Alan Coopersmith f340f082b8 dix: limit checks to MAX_VALUATORS when generating Xi events 
Previously, it was looping through sizeof(ev->valuators.mask) * 8
valuators, where valuators.mask is defined as an array of
(MAX_VALUATORS + 7) / 8 entries.  Since MAX_VALUATORS is defined as 36,
this made it actually loop through 40 entries.  The last 4 bits in this
array should never be set, so we should never access memory outside the
bounds of the arrays defined to be exactly MAX_VALUATORS in length, but
we can make the static analyzer happier and not waste time checking bits
that should never be set.

Found by Oracle Parfait 13.3 static analyzer:

   Read outside array bounds [read-outside-array-bounds]:
      In array dereference of ev->valuators.data[i] with index i
      Array size is 36 elements (of 8 bytes each), index >= 0 and index <= 39
        at line 741 of dix/eventconvert.c in function 'eventToDeviceEvent'.

   Read outside array bounds [read-outside-array-bounds]:
      In array dereference of ev->valuators.data[i] with index i
      Array size is 36 elements (of 8 bytes each), index >= 0 and index <= 39
        at line 808 of dix/eventconvert.c in function 'eventToRawEvent'.

   Read outside array bounds [read-outside-array-bounds]:
      In array dereference of ev->valuators.data_raw[i] with index i
      Array size is 36 elements (of 8 bytes each), index >= 0 and index <= 39
        at line 809 of dix/eventconvert.c in function 'eventToRawEvent'.

Fixes: b2ba77bac ("dix: add EventToXI2 and GetXI2Type.")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit b65eea43dd)

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1766>
2025-02-04 09:18:51 +01:00
..
.gitignore Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
atom.c atom: make FreeAtom static 2015-07-08 16:41:29 -04:00
buildatoms XFree86 4.3.0.1 2003-11-14 16:49:22 +00:00
BuiltInAtoms R6.6 is the Xorg base-line 2003-11-14 15:54:54 +00:00
callback_priv.h dix: unexport callback manager init / teardown functions 2024-03-12 15:18:17 +00:00
colormap.c dix: FindBestPixel: fix implicit fallthrough warning 2024-09-24 10:51:08 +02:00
cursor.c dix: drop now obsolete cursorScreenDevPriv 2024-03-12 15:24:35 +00:00
devices.c dix: GetPairedDevice: check if GetMaster returned NULL 2024-09-24 10:51:04 +02:00
dispatch.c dix: drop now obsolete cursorScreenDevPriv 2024-03-12 15:24:35 +00:00
dispatch.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
dix_priv.h dix: unexport CloseDownClient() 2024-03-13 00:47:36 +00:00
dixfonts.c dix: SetFontPath: don't set errorValue on Success 2024-09-24 10:50:40 +02:00
dixutils.c dix: unexport callback manager init / teardown functions 2024-03-12 15:18:17 +00:00
enterleave.c dix: fix button offset when generating DeviceButtonStateNotify events 2025-02-04 09:18:43 +01:00
enterleave.h mi: reset the PointerWindows reference on screen switch 2023-10-25 00:37:47 +00:00
eventconvert.c dix: limit checks to MAX_VALUATORS when generating Xi events 2025-02-04 09:18:51 +01:00
eventconvert.h dix: unexport eventconvert.h functions 2024-03-11 12:26:44 +01:00
events.c dix: unexport eventconvert.h functions 2024-03-11 12:26:44 +01:00
extension.c Move sizeof to second argument in calloc calls 2024-08-06 10:00:59 +02:00
gc.c dix: CreateScratchGC: avoid dereference of pointer we just set to NULL 2024-09-24 10:50:47 +02:00
gestures.c dix: unexport eventconvert.h functions 2024-03-11 12:26:44 +01:00
getevents.c Revert "include: move BUG_*() macros to separate header" 2024-02-23 23:11:01 +00:00
globals.c dix: unexport global variables 2024-03-09 17:23:43 +00:00
glyphcurs.c Let calloc handle multiplication 2015-04-21 16:57:07 -07:00
grabs.c dix: unexport CloseDownClient() 2024-03-13 00:47:36 +00:00
initatoms.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
inpututils.c Revert "include: move BUG_*() macros to separate header" 2024-02-23 23:11:01 +00:00
main.c Move sizeof to second argument in calloc calls 2024-08-06 10:00:59 +02:00
meson.build dix: Implement internal gesture state handling 2021-05-30 13:26:39 +03:00
pixmap.c dix: Remove pScratchPixmap and other associated ABI changes 2022-12-30 01:32:25 +00:00
privates.c Move sizeof to second argument in calloc calls 2024-08-06 10:00:59 +02:00
property.c dix: ProcListProperties: skip unneeded work if numProps is 0 2024-09-24 10:50:57 +02:00
protocol.txt drop remains of DMX 2024-03-05 16:57:52 +01:00
ptrveloc.c dix: InitPredictableAccelerationScheme: avoid memory leak on failure 2024-09-24 10:50:50 +02:00
ptrveloc_priv.h dix: unexport InitTrackers() 2024-03-09 18:01:52 +00:00
region.c replace _X_INLINE by inline in internal static functions 2024-02-05 19:26:14 +00:00
registry.c include: drop obsolete registry.h 2024-03-03 23:20:06 +00:00
registry_priv.h dix: unexport XREGISTRY_UNKNOWN define 2024-03-03 23:20:06 +00:00
resource.c dix: HashResourceID: use unsigned integers for bit shifting 2024-09-24 10:51:00 +02:00
screenint_priv.h dix: unexport AttachOffloadGPU() and DetachOffloadGPU() 2024-03-03 23:24:29 +00:00
selection.c replace _X_INLINE by inline in internal static functions 2024-02-05 19:26:14 +00:00
stubmain.c Allow DDX to provide a main() 2013-07-23 23:56:58 +01:00
swaprep.c Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
swapreq.c dix: Disallow GenericEvent in SendEvent request. 2017-06-19 11:58:50 +10:00
tables.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
touch.c dix: unexport eventconvert.h functions 2024-03-11 12:26:44 +01:00
window.c dix: Skip more code in SetRootClip for ROOT_CLIP_INPUT_ONLY 2022-09-12 10:51:05 +00:00