e3a530540f
XKB often uses a FooCheck and Foo function pair, the former is supposed to check all values in the request and error out on BadLength, BadValue, etc. The latter is then called once we're confident the values are good (they may still fail on an individual device, but that's a different topic). In the case of XkbSetDeviceInfo, those functions were incorrectly named, with XkbSetDeviceInfo ending up as the checker function and XkbSetDeviceInfoCheck as the setter function. As a result, the setter function was called before the checker function, accessing request data and modifying device state before we ensured that the data is valid. In particular, the setter function relied on values being already byte-swapped. This in turn could lead to potential OOB memory access. Fix this by correctly naming the functions and moving the length checks over to the checker function. These were added in |
||
|---|---|---|
| .. | ||
| Makefile.am | ||
| README.compiled | ||
| XKBAlloc.c | ||
| XKBGAlloc.c | ||
| XKBMAlloc.c | ||
| XKBMisc.c | ||
| XKM_file_format.txt | ||
| ddxBeep.c | ||
| ddxCtrls.c | ||
| ddxKillSrv.c | ||
| ddxLEDs.c | ||
| ddxLoad.c | ||
| ddxPrivate.c | ||
| ddxVT.c | ||
| maprules.c | ||
| meson.build | ||
| xkb.c | ||
| xkb.h | ||
| xkbAccessX.c | ||
| xkbActions.c | ||
| xkbDflts.h | ||
| xkbEvents.c | ||
| xkbInit.c | ||
| xkbLEDs.c | ||
| xkbPrKeyEv.c | ||
| xkbSwap.c | ||
| xkbUtils.c | ||
| xkbfmisc.c | ||
| xkbgeom.h | ||
| xkbout.c | ||
| xkbtext.c | ||
| xkmread.c | ||
The X server uses this directory to store the compiled version of the
current keymap and/or any scratch keymaps used by clients. The X server
or some other tool might destroy or replace the files in this directory,
so it is not a safe place to store compiled keymaps for long periods of
time. The default keymap for any server is usually stored in:
X<num>-default.xkm
where <num> is the display number of the server in question, which makes
it possible for several servers *on the same host* to share the same
directory.
Unless the X server is modified, sharing this directory between servers on
different hosts could cause problems.