diff options
| author | Kenji Aoyama <aoyama@cvs.openbsd.org> | 2023-08-02 13:57:25 +0000 |
|---|---|---|
| committer | Kenji Aoyama <aoyama@cvs.openbsd.org> | 2023-08-02 13:57:25 +0000 |
| commit | a51977b1fde60b5c6c055f162b63f6e64ebbf4ec (patch) | |
| tree | 472c749aa89e00e8e8bdbd607a1c48213e31d2f9 /lib/libXi | |
| parent | 6297c387392b4d6319eef70eac2c581f715659e1 (diff) | |
Add pad_to_double() when the function allocates memories for 'double'
internally.
The functions wireToRawEvent() and copyRawEvent() get memories first,
then allocate memory blocks sequentially for several objects include
'double' from there.
On m88k, the memory area for 'double' should be 8-byte aligned, but
sizeof(XIRawEvent) is 60 and sizeof(out->valuators.mask_len) is 8.
In this case, allocated 'double' memory was not 8-byte aligned.
Because of this, 'xeyes' on luna88k was aborted with Bus Error right
after moving mouse for several years with sys/arch/m88k/m88k/trap.c
r.127.
Tested by me on luna88k, ok matthieu@
Diffstat (limited to 'lib/libXi')
| -rw-r--r-- | lib/libXi/src/XExtInt.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/lib/libXi/src/XExtInt.c b/lib/libXi/src/XExtInt.c index 06474b2f8..a6a5f8041 100644 --- a/lib/libXi/src/XExtInt.c +++ b/lib/libXi/src/XExtInt.c @@ -1428,16 +1428,18 @@ copyRawEvent(XGenericEventCookie *cookie_in, in = cookie_in->data; bits = count_bits(in->valuators.mask, in->valuators.mask_len); - len = sizeof(XIRawEvent) + in->valuators.mask_len; + len = pad_to_double(sizeof(XIRawEvent)) + + pad_to_double(in->valuators.mask_len); len += bits * sizeof(double) * 2; ptr = cookie_out->data = malloc(len); if (!ptr) return False; - out = next_block(&ptr, sizeof(XIRawEvent)); + out = next_block(&ptr, pad_to_double(sizeof(XIRawEvent))); *out = *in; - out->valuators.mask = next_block(&ptr, out->valuators.mask_len); + out->valuators.mask + = next_block(&ptr, pad_to_double(out->valuators.mask_len)); memcpy(out->valuators.mask, in->valuators.mask, out->valuators.mask_len); out->valuators.values = next_block(&ptr, bits * sizeof(double)); @@ -1954,7 +1956,8 @@ wireToRawEvent(XExtDisplayInfo *info, xXIRawEvent *in, XGenericEventCookie *cook XIRawEvent *out; void *ptr; - len = sizeof(XIRawEvent) + in->valuators_len * 4; + len = pad_to_double(sizeof(XIRawEvent)) + + pad_to_double(in->valuators_len * 4); bits = count_bits((unsigned char*)&in[1], in->valuators_len * 4); len += bits * sizeof(double) * 2; /* raw + normal */ @@ -1962,7 +1965,7 @@ wireToRawEvent(XExtDisplayInfo *info, xXIRawEvent *in, XGenericEventCookie *cook if (!ptr) return 0; - out = next_block(&ptr, sizeof(XIRawEvent)); + out = next_block(&ptr, pad_to_double(sizeof(XIRawEvent))); out->type = in->type; out->serial = cookie->serial; out->display = cookie->display; @@ -1981,7 +1984,8 @@ wireToRawEvent(XExtDisplayInfo *info, xXIRawEvent *in, XGenericEventCookie *cook out->sourceid = 0; out->valuators.mask_len = in->valuators_len * 4; - out->valuators.mask = next_block(&ptr, out->valuators.mask_len); + out->valuators.mask + = next_block(&ptr, pad_to_double(out->valuators.mask_len)); memcpy(out->valuators.mask, &in[1], out->valuators.mask_len); out->valuators.values = next_block(&ptr, bits * sizeof(double)); |