frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xkb: Do not use base group as an array index. 

The base group is not brought into range and, therefore, using it as an array
index crashed the X server.  Also, at this place, we should ignore locked
groups, but not latched groups.  Therefore, use sum of base and latched groups,
brought into range.

Reproducible with:
key <FK07> {
    type= "ONE_LEVEL",
    symbols[Group1]= [              NoSymbol ],
    actions[Group1]= [ LatchGroup(group=-1, clearLocks) ]
};

And hitting F7 will exceed the group level and access arbitrary memory.

Signed-off-by: Andreas Wettstein <wettstein509@solnet.ch>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This commit is contained in:
Andreas Wettstein 2012-12-19 18:13:21 +01:00 committed by Peter Hutterer
parent df746a7341
commit 3578cc3c2e
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
xkb/xkbUtils.c
View File

@ -642,6 +642,7 @@ XkbComputeCompatState(XkbSrvInfoPtr xkbi)
CARD16 grp_mask;
XkbStatePtr state = &xkbi->state;
XkbCompatMapPtr map;
XkbControlsPtr ctrls;
if (!state || !xkbi->desc || !xkbi->desc->ctrls || !xkbi->desc->compat)
return;
@ -650,9 +651,14 @@ XkbComputeCompatState(XkbSrvInfoPtr xkbi)
grp_mask = map->groups[state->group].mask;
state->compat_state = state->mods | grp_mask;
state->compat_lookup_mods = state->lookup_mods | grp_mask;
ctrls= xkbi->desc->ctrls;
if (xkbi->desc->ctrls->enabled_ctrls & XkbIgnoreGroupLockMask)
grp_mask = map->groups[state->base_group].mask;
if (ctrls->enabled_ctrls & XkbIgnoreGroupLockMask) {
unsigned char grp = state->base_group+state->latched_group;
if (grp >= ctrls->num_groups)
grp = XkbAdjustGroup(XkbCharToInt(grp), ctrls);
grp_mask = map->groups[grp].mask;
}
state->compat_grab_mods = state->grab_mods | grp_mask;
return;
}