norohind/kmscon
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

xkb: fix invalid read from uninitialized memory

Browse Source 
The memset was missing a sizeof(..) multiplication.

Really the entire function is more complex than need be, so simplify it.

Signed-off-by: Ran Benita <ran234@gmail.com>
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
This commit is contained in:
Ran Benita 2012-01-28 21:21:44 +02:00 committed by David Herrmann
parent f8b17b1ffc
commit 6eb0f706d7
1 changed files with 20 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
src/kbd_xkb.c
View File

@ -819,60 +819,44 @@ static struct xkb_sym_interpret *find_sym_interpret(struct xkb_desc *desc,
/* /*
* Allocate slots for a keycode in the key-action mapping array. xkbcommon * Allocate slots for a keycode in the key-action mapping array. xkbcommon
* doesn't do this by itself for actions from compat (that is almost all of * doesn't do this by itself for actions from compat (that is, almost all of
* them). * them).
* See [xserver] XKBMAlloc.c:XkbResizeKeyActions() for the equivalent. * See [xserver] XKBMAlloc.c:XkbResizeKeyActions() for the equivalent.
*/ */
static int allocate_key_acts(struct xkb_desc *desc, uint8_t keycode) static int allocate_key_acts(struct xkb_desc *desc, uint8_t keycode)
{ {
unsigned short index;
union xkb_action *acts;
struct xkb_server_map *server; struct xkb_server_map *server;
int sym_count; int sym_count;
int new_needed; unsigned short index, new_size_acts;
unsigned short new_num_acts; union xkb_action *acts;
unsigned short new_size_acts;
server = desc->server; server = desc->server;
sym_count = XkbKeyNumSyms(desc, keycode); sym_count = XkbKeyNumSyms(desc, keycode);
/* if (XkbKeyHasActions(desc, keycode))
* num_acts is the occupied slots, size_acts is the current total return 0;
* capacity.
*/
if (XkbKeyHasActions(desc, keycode)) { index = server->num_acts;
/* An array is already allocated for this key. */
/* index = server->key_acts[keycode]; */ /* num_acts is the occupied slots, size_acts is the capacity. */
} else if (server->num_acts + sym_count <= server->size_acts) { if (server->num_acts + sym_count > server->size_acts) {
/* There's enough left over space; use it. */ /*
* Don't have enough space, need to allocate. We add some
index = server->num_acts; * extra to avoid repeated reallocs.
server->key_acts[keycode] = index; */
server->num_acts += sym_count; new_size_acts = server->num_acts + sym_count + 8;
} else { acts = realloc(server->acts, new_size_acts * sizeof (*acts));
/* Need to allocate new space. */
index = server->num_acts;
new_num_acts = server->num_acts + sym_count;
new_needed = sym_count - (server->size_acts - new_num_acts);
/* Add some extra to avoid repeated reallocs. */
new_size_acts = server->size_acts + new_needed + 8;
acts = realloc(server->acts,
sizeof(union xkb_action) * new_size_acts);
if (!acts) if (!acts)
return -ENOMEM; return -ENOMEM;
/* XkbSA_NoAction is 0x00 so we're good. */
memset(acts+index, 0, sym_count);
server->key_acts[keycode] = index;
server->num_acts = new_num_acts;
server->size_acts = new_size_acts;
server->acts = acts; server->acts = acts;
server->size_acts = new_size_acts;
} }
/* XkbSA_NoAction is 0x00 so we're good. */
memset(&server->acts[index], 0, sym_count * sizeof(*server->acts));
server->key_acts[keycode] = index;
server->num_acts += sym_count;
return 0; return 0;
} }