diff options
| author | Owain Ainsworth <oga@cvs.openbsd.org> | 2010-03-07 15:51:35 +0000 |
|---|---|---|
| committer | Owain Ainsworth <oga@cvs.openbsd.org> | 2010-03-07 15:51:35 +0000 |
| commit | 4396f47d182ca226aaed41481b5296d40d448e34 (patch) | |
| tree | 46ecd02e5e44a1b7225e98d751991b50bbf95212 /dist | |
| parent | ea1616872c4e33a73879f73426151535da134ccd (diff) | |
Fix some problems in libxcb-icccm affecting xcb based window managers.
Specifically, fix checks on the data so then we use the correct
sanitised length. From Peter Harris (pharris AT opentext DOT com), an
xcb developer, via David Coppa (dcoppa AT gmail DOT com); thanks!
requested by deraadt@
Diffstat (limited to 'dist')
| -rw-r--r-- | dist/xcb-util/icccm/icccm.c | 17 | ||||
| -rw-r--r-- | dist/xcb-util/icccm/xcb_icccm.h | 2 |
2 files changed, 12 insertions, 7 deletions
diff --git a/dist/xcb-util/icccm/icccm.c b/dist/xcb-util/icccm/icccm.c index 6f9463fa7..3b85cc8f1 100644 --- a/dist/xcb-util/icccm/icccm.c +++ b/dist/xcb-util/icccm/icccm.c @@ -442,14 +442,16 @@ xcb_get_wm_size_hints_from_reply(xcb_size_hints_t *hints, xcb_get_property_reply length = xcb_get_property_value_length(reply) / (reply->format / 8); if (!(reply->type == WM_SIZE_HINTS && - (reply->format == 8 || reply->format == 16 || - reply->format == 32) && + reply->format == 32 && /* OldNumPropSizeElements = 15 (pre-ICCCM) */ length >= 15)) return 0; + if (length > XCB_NUM_WM_SIZE_HINTS_ELEMENTS) + length = XCB_NUM_WM_SIZE_HINTS_ELEMENTS; + memcpy(hints, (xcb_size_hints_t *) xcb_get_property_value (reply), - length * reply->format >> 3); + length * (reply->format / 8)); flags = (XCB_SIZE_HINT_US_POSITION | XCB_SIZE_HINT_US_SIZE | XCB_SIZE_HINT_P_POSITION | XCB_SIZE_HINT_P_SIZE | @@ -632,17 +634,18 @@ xcb_get_wm_hints_from_reply(xcb_wm_hints_t *hints, { int length, num_elem; - if(!reply) + if(!reply || reply->type != WM_HINTS || reply->format != 32) return 0; length = xcb_get_property_value_length(reply); num_elem = length / (reply->format / 8); - if (reply->type != WM_HINTS - || reply->format != 32 - || num_elem < XCB_NUM_WM_HINTS_ELEMENTS - 1) + if(num_elem < XCB_NUM_WM_HINTS_ELEMENTS - 1) return 0; + if (length > sizeof(xcb_size_hints_t)) + length = sizeof(xcb_size_hints_t); + memcpy(hints, (xcb_size_hints_t *) xcb_get_property_value(reply), length); if(num_elem < XCB_NUM_WM_HINTS_ELEMENTS) diff --git a/dist/xcb-util/icccm/xcb_icccm.h b/dist/xcb-util/icccm/xcb_icccm.h index 938fecb4b..f75e39663 100644 --- a/dist/xcb-util/icccm/xcb_icccm.h +++ b/dist/xcb-util/icccm/xcb_icccm.h @@ -447,6 +447,8 @@ typedef struct { uint32_t win_gravity; } xcb_size_hints_t; +#define XCB_NUM_WM_SIZE_HINTS_ELEMENTS 18 + /** * @brief Set size hints to a given position. * @param hints SIZE_HINTS structure. |