|
 |
f8dcb1 |
From 0909a1a76546284f27fb1b17a6f545a04537cc36 Mon Sep 17 00:00:00 2001
|
|
|
f8dcb1 |
From: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
f8dcb1 |
Date: Tue, 10 Jul 2018 11:17:50 +1000
|
|
|
f8dcb1 |
Subject: [PATCH xf86-input-libinput] draglock: fix memory overwrite during
|
|
|
f8dcb1 |
draglock parsing
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
Passing in the size of the array but using it as "number of elements" inside
|
|
|
f8dcb1 |
the function. Rename a bunch of arguments to avoid this.
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
https://bugs.freedesktop.org/show_bug.cgi?id=107166
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
f8dcb1 |
---
|
|
|
f8dcb1 |
src/draglock.c | 14 +++++++-------
|
|
|
f8dcb1 |
src/draglock.h | 6 +++---
|
|
|
f8dcb1 |
src/xf86libinput.c | 2 +-
|
|
|
f8dcb1 |
3 files changed, 11 insertions(+), 11 deletions(-)
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
diff --git a/src/draglock.c b/src/draglock.c
|
|
|
f8dcb1 |
index b0bcac3..e0a91d0 100644
|
|
|
f8dcb1 |
--- a/src/draglock.c
|
|
|
f8dcb1 |
+++ b/src/draglock.c
|
|
|
f8dcb1 |
@@ -116,7 +116,7 @@ draglock_get_meta(const struct draglock *dl)
|
|
|
f8dcb1 |
}
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
size_t
|
|
|
f8dcb1 |
-draglock_get_pairs(const struct draglock *dl, int *array, size_t sz)
|
|
|
f8dcb1 |
+draglock_get_pairs(const struct draglock *dl, int *array, size_t nelem)
|
|
|
f8dcb1 |
{
|
|
|
f8dcb1 |
unsigned int i;
|
|
|
f8dcb1 |
size_t last = 0;
|
|
|
f8dcb1 |
@@ -131,8 +131,8 @@ draglock_get_pairs(const struct draglock *dl, int *array, size_t sz)
|
|
|
f8dcb1 |
}
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
/* size N array with a[0] == 0, the rest ordered by button number */
|
|
|
f8dcb1 |
- memset(array, 0, sz * sizeof(array[0]));
|
|
|
f8dcb1 |
- for (i = 0; i < sz && i < ARRAY_SIZE(dl->lock_pair); i++) {
|
|
|
f8dcb1 |
+ memset(array, 0, nelem * sizeof(array[0]));
|
|
|
f8dcb1 |
+ for (i = 0; i < nelem && i < ARRAY_SIZE(dl->lock_pair); i++) {
|
|
|
f8dcb1 |
array[i] = dl->lock_pair[i];
|
|
|
f8dcb1 |
if (array[i] != 0 && i > last)
|
|
|
f8dcb1 |
last = i;
|
|
|
f8dcb1 |
@@ -153,20 +153,20 @@ draglock_set_meta(struct draglock *dl, int meta_button)
|
|
|
f8dcb1 |
}
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
int
|
|
|
f8dcb1 |
-draglock_set_pairs(struct draglock *dl, const int *array, size_t sz)
|
|
|
f8dcb1 |
+draglock_set_pairs(struct draglock *dl, const int *array, size_t nelem)
|
|
|
f8dcb1 |
{
|
|
|
f8dcb1 |
unsigned int i;
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
- if (sz == 0 || array[0] != 0)
|
|
|
f8dcb1 |
+ if (nelem == 0 || array[0] != 0)
|
|
|
f8dcb1 |
return 1;
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
- for (i = 0; i < sz; i++) {
|
|
|
f8dcb1 |
+ for (i = 0; i < nelem; i++) {
|
|
|
f8dcb1 |
if (array[i] < 0 || array[i] >= DRAGLOCK_MAX_BUTTONS)
|
|
|
f8dcb1 |
return 1;
|
|
|
f8dcb1 |
}
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
dl->mode = DRAGLOCK_DISABLED;
|
|
|
f8dcb1 |
- for (i = 0; i < sz; i++) {
|
|
|
f8dcb1 |
+ for (i = 0; i < nelem; i++) {
|
|
|
f8dcb1 |
dl->lock_pair[i] = array[i];
|
|
|
f8dcb1 |
if (dl->lock_pair[i])
|
|
|
f8dcb1 |
dl->mode = DRAGLOCK_PAIRS;
|
|
|
f8dcb1 |
diff --git a/src/draglock.h b/src/draglock.h
|
|
|
f8dcb1 |
index acc1314..900d538 100644
|
|
|
f8dcb1 |
--- a/src/draglock.h
|
|
|
f8dcb1 |
+++ b/src/draglock.h
|
|
|
f8dcb1 |
@@ -107,13 +107,13 @@ draglock_get_meta(const struct draglock *dl);
|
|
|
f8dcb1 |
* @note Button numbers start at 1, array[0] is always 0.
|
|
|
f8dcb1 |
*
|
|
|
f8dcb1 |
* @param[in|out] array Caller-allocated array to hold the button mappings.
|
|
|
f8dcb1 |
- * @param[in] sz Maximum number of elements in array
|
|
|
f8dcb1 |
+ * @param[in] nelem Maximum number of elements in array
|
|
|
f8dcb1 |
*
|
|
|
f8dcb1 |
* @return The number of valid elements in array or 0 if the current mode is
|
|
|
f8dcb1 |
* not DRAGLOCK_PAIRS
|
|
|
f8dcb1 |
*/
|
|
|
f8dcb1 |
size_t
|
|
|
f8dcb1 |
-draglock_get_pairs(const struct draglock *dl, int *array, size_t sz);
|
|
|
f8dcb1 |
+draglock_get_pairs(const struct draglock *dl, int *array, size_t nelem);
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
/**
|
|
|
f8dcb1 |
* Set the drag lock config to the DRAGLOCK_META mode, with the given
|
|
|
f8dcb1 |
@@ -140,7 +140,7 @@ draglock_set_meta(struct draglock *dl, int meta_button);
|
|
|
f8dcb1 |
* @return 0 on successor nonzero otherwise
|
|
|
f8dcb1 |
*/
|
|
|
f8dcb1 |
int
|
|
|
f8dcb1 |
-draglock_set_pairs(struct draglock *dl, const int *array, size_t sz);
|
|
|
f8dcb1 |
+draglock_set_pairs(struct draglock *dl, const int *array, size_t nelem);
|
|
|
f8dcb1 |
|
|
|
f8dcb1 |
/**
|
|
|
f8dcb1 |
* Process the given button event through the drag lock state machine.
|
|
|
f8dcb1 |
diff --git a/src/xf86libinput.c b/src/xf86libinput.c
|
|
|
f8dcb1 |
index 2e950cd..34f1102 100644
|
|
|
f8dcb1 |
--- a/src/xf86libinput.c
|
|
|
f8dcb1 |
+++ b/src/xf86libinput.c
|
|
|
f8dcb1 |
@@ -5326,7 +5326,7 @@ LibinputInitDragLockProperty(DeviceIntPtr dev,
|
|
|
f8dcb1 |
break;
|
|
|
f8dcb1 |
case DRAGLOCK_PAIRS:
|
|
|
f8dcb1 |
sz = draglock_get_pairs(&driver_data->draglock,
|
|
|
f8dcb1 |
- dl_values, sizeof(dl_values));
|
|
|
f8dcb1 |
+ dl_values, ARRAY_SIZE(dl_values));
|
|
|
f8dcb1 |
break;
|
|
|
f8dcb1 |
default:
|
|
|
f8dcb1 |
xf86IDrvMsg(dev->public.devicePrivate,
|
|
|
f8dcb1 |
--
|
|
|
f8dcb1 |
2.17.1
|
|
|
f8dcb1 |
|