| Age | Commit message (Collapse) | Author |
|---|
|
By validating length fields from server responses, out of boundary
accesses and endless loops can be mitigated.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
Several functions were returning NoSuchExtension casted to a pointer in case of
an error. Often in parallel with returning NULL in case of another error. It is
undocumented and certainly wrong.
Signed-off-by: Michal Srb <msrb@suse.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
clang warns:
warning: comparison of constant 268435455 with expression of type
'CARD16' (aka 'unsigned short') is always false
Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
If the number of feedbacks reported by the server is large enough that
it overflows when multiplied by the size of the appropriate struct, or
if the total size of all the feedback structures overflows when added
together, then memory corruption can occur when more bytes are copied from
the X server reply than the size of the buffer we allocated to hold them.
v2: check that reply size fits inside the data read from the server, so
we don't read out of bounds either
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
XIQueryVersion.c: In function '_xiQueryVersion':
XIQueryVersion.c:63:26: warning: declaration of 'info' shadows a parameter
[-Wshadow]
XIQueryVersion.c:53:73: warning: shadowed declaration is here [-Wshadow]
XExtInt.c: In function 'XInputWireToEvent':
XExtInt.c:823:25: warning: declaration of 'i' shadows a previous local
[-Wshadow]
XExtInt.c:502:18: warning: shadowed declaration is here [-Wshadow]
XExtInt.c:850:25: warning: declaration of 'i' shadows a previous local
[-Wshadow]
XExtInt.c:502:18: warning: shadowed declaration is here [-Wshadow]
In file included from XExtInt.c:64:0:
../include/X11/extensions/XInput.h:166:17: note: previous declaration of
'_xidevicebusy' was here
XExtInt.c:101:12: warning: redundant redeclaration of
'_XiGetDevicePresenceNotifyEvent' [-Wredundant-decls]
XExtInt.c:76:13: warning: redundant redeclaration of '_xibaddevice'
[-Wredundant-decls]
In file included from XExtInt.c:64:0:
../include/X11/extensions/XInput.h:162:17: note: previous declaration of
'_xibaddevice' was here
XExtInt.c:81:13: warning: redundant redeclaration of '_xibadclass'
[-Wredundant-decls]
In file included from XExtInt.c:64:0:
../include/X11/extensions/XInput.h:163:17: note: previous declaration of
'_xibadclass' was here
XExtInt.c:86:13: warning: redundant redeclaration of '_xibadevent'
[-Wredundant-decls]
In file included from XExtInt.c:64:0:
../include/X11/extensions/XInput.h:164:17: note: previous declaration of
'_xibadevent' was here
XExtInt.c:91:13: warning: redundant redeclaration of '_xibadmode'
[-Wredundant-decls]
In file included from XExtInt.c:64:0:
../include/X11/extensions/XInput.h:165:17: note: previous declaration of
'_xibadmode' was here
XExtInt.c:96:13: warning: redundant redeclaration of '_xidevicebusy'
[-Wredundant-decls]
In file included from XExtInt.c:64:0:
../include/X11/extensions/XInput.h:166:17: note: previous declaration of
'_xidevicebusy' was here
XListDev.c: In function 'ParseClassInfo':
XListDev.c:116:33: warning: declaration of 'k' shadows a previous local
[-Wshadow]
XListDev.c:109:12: warning: shadowed declaration is here [-Wshadow]
XGetFCtl.c: In function 'XGetFeedbackControl':
XGetFCtl.c:184:26: warning: declaration of 'i' shadows a previous local
[-Wshadow]
XGetFCtl.c:72:17: warning: shadowed declaration is here [-Wshadow]
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Dan Nicholson <dbn.lists@gmail.com>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
This reduces code duplication and fixes possible leak of f. f would leak if
allocation of Feedback fails.
Signed-off-by: Pauli Nieminen <ext-pauli.nieminen@nokia.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
|
|
|
|
Thre are still two remaining compiler warnings, because of non matching
function prototypes and function pointer arguments prototypes:
src/XSndExEv.c:XSendExtensionEvent()
variable register Status(**fp) (Display *, XEvent*, xEvent **, int *)
doesn't match struct _XDisplay's:
Status (*wire_vec[128])( /* vector for event to wire */
Display * /* dpy */,
XEvent * /* re */,
xEvent * /* event */
);
and
src/XExtInt.c:xinput_extension_hooks field event_to_wire of type
XExtensionHooks that has the prototype Status (*event_to_wire)(
Display* /* display */,
XEvent* /* re */,
xEvent* /* event */
);
does not match Status
_XiEventToWire(
register Display *dpy, /* pointer to display structure */
register XEvent *re, /* pointer to client event */
register xEvent **event, /* wire protocol event */
register int *count);
Signed-off-by: Peter Hutterer <peter@cs.unisa.edu.au>
|
|
held.
All callers of _XiCheckExtInit have already called XInput_find_display
first outside the lock, so just pass their copy of the XExtDisplayInfo
structure down. Besides being more correct, this should be slightly
faster. :-)
Thanks to Magnus Kessler <Magnus.Kessler@gmx.net> for identifying
the bug and proposing a workaround.
|
|
Another brief run with indent.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
