Overview

File commit-525aa17-xkb.diff of Package xorg-x11-server

commit 525aa17f804d37d1cfcbbf6b8e6cddb45e999b20
Author: Tomas Janousek <tomi@nomi.cz>
Date:   Wed May 20 15:03:01 2009 +0200

    Bug #6428, #16458, #21464: Fix crash due to uninitialized VModMap fields.
    
    In ProcXkbGetKbdByName, mrep.firstVModMapKey, .nVModMapKeys and
    .totalVModMapKeys were not initialized, contained random values and caused
    accesses to unallocated and later modified memory, causing
    XkbSizeVirtualModMap and XkbWriteVirtualModMap to see different number of
    nonzero values, resulting in writes past the end of an array in XkbSendMap.
    
    This patch initializes those values sensibly and reverts commits 5c0a2088 and
    6dd4fc46, which have been plain non-sense.
    
    Signed-off-by: Tomas Janousek <tomi@nomi.cz>
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

diff --git a/xkb/xkb.c b/xkb/xkb.c
index 445c55f..ec46238 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -1308,7 +1308,7 @@ XkbSizeVirtualModMap(XkbDescPtr xkb,xkbGetMapReply *rep)
 	rep->totalVModMapKeys= 0;
 	return 0;
     }
-    for (nRtrn=i=0;i<rep->nVModMapKeys-1;i++) {
+    for (nRtrn=i=0;i<rep->nVModMapKeys;i++) {
 	if (xkb->server->vmodmap[i+rep->firstVModMapKey]!=0)
 	    nRtrn++;
     }
@@ -1327,7 +1327,7 @@ unsigned short *	pMap;
 
     wire= (xkbVModMapWireDesc *)buf;
     pMap= &xkb->server->vmodmap[rep->firstVModMapKey];
-    for (i=0;i<rep->nVModMapKeys-1;i++,pMap++) {
+    for (i=0;i<rep->nVModMapKeys;i++,pMap++) {
 	if (*pMap!=0) {
 	    wire->key= i+rep->firstVModMapKey;
 	    wire->vmods= *pMap;
@@ -5670,7 +5670,7 @@ ProcXkbGetKbdByName(ClientPtr client)
 	    mrep.present = 0;
 	    mrep.totalSyms = mrep.totalActs =
 		mrep.totalKeyBehaviors= mrep.totalKeyExplicit= 
-		mrep.totalModMapKeys= 0;
+		mrep.totalModMapKeys= mrep.totalVModMapKeys= 0;
 	    if (rep.reported&(XkbGBN_TypesMask|XkbGBN_ClientSymbolsMask)) {
 		mrep.present|= XkbKeyTypesMask;
 		mrep.firstType = 0;
@@ -5696,6 +5696,8 @@ ProcXkbGetKbdByName(ClientPtr client)
 			mrep.firstKeyExplicit = new->min_key_code;
 		mrep.nKeyActs = mrep.nKeyBehaviors = 
 			mrep.nKeyExplicit = XkbNumKeys(new);
+		mrep.firstVModMapKey= new->min_key_code;
+		mrep.nVModMapKeys= XkbNumKeys(new);
 	    }
 	    else {
 		mrep.virtualMods= 0;
openSUSE Build Service is sponsored by
Places