[gtk+] Fix an out-of-bounds access in MyEnhancedXkbTranslateKeyCode

From: Matthias Clasen <matthiasc src gnome org>
To: commits-list gnome org
Cc:
Subject: [gtk+] Fix an out-of-bounds access in MyEnhancedXkbTranslateKeyCode
Date: Mon, 27 Oct 2014 01:52:52 +0000 (UTC)

commit e75310a445f019cd4ef27a87c3da57b6891d7c69
Author: Matthias Clasen <mclasen redhat com>
Date:   Sun Oct 26 21:48:59 2014 -0400

    Fix an out-of-bounds access in MyEnhancedXkbTranslateKeyCode
    
    Commits 314b6abbe8d8daae and eb9223c008ccf1c2faab were ignoring
    the fact that the code where found is set to 1 was modifying
    col - which was an ok thing to do when that part of the code
    was still breaking out of the loop, but it is no longer doing
    that (since 2003 !). Fix things up by storing the final col
    value in a separate variable and using that after the loop.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=738886

 gdk/x11/gdkkeys-x11.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)
---
diff --git a/gdk/x11/gdkkeys-x11.c b/gdk/x11/gdkkeys-x11.c
index c45a971..a83ec15 100644
--- a/gdk/x11/gdkkeys-x11.c
+++ b/gdk/x11/gdkkeys-x11.c
@@ -1058,6 +1058,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr     xkb,
     int col,nKeyGroups;
     unsigned preserve,effectiveGroup;
     KeySym *syms;
+    int found_col = 0;
 
     if (mods_rtrn!=NULL)
         *mods_rtrn = 0;
@@ -1090,7 +1091,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr     xkb,
                 break;
         }
     }
-    col= effectiveGroup*XkbKeyGroupsWidth(xkb,key);
+    found_col = col= effectiveGroup*XkbKeyGroupsWidth(xkb,key);
     type = XkbKeyKeyType(xkb,key,effectiveGroup);
 
     preserve= 0;
@@ -1129,7 +1130,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr     xkb,
             }
 
             if (!found && ((mods&type->mods.mask) == entry->mods.mask)) {
-                col+= entry->level;
+                found_col= col + entry->level;
                 if (type->preserve)
                     preserve= type->preserve[i].mask;
 
@@ -1143,7 +1144,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr     xkb,
     }
 
     if (keysym_rtrn!=NULL)
-        *keysym_rtrn= syms[col];
+        *keysym_rtrn= syms[found_col];
     if (mods_rtrn) {
         /* ---- Begin section modified for GDK  ---- */
         *mods_rtrn &= ~preserve;
@@ -1175,7 +1176,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr     xkb,
 
     /* ---- End stuff GDK adds to the original Xlib version ---- */
 
-    return (syms[col] != NoSymbol);
+    return (syms[found_col] != NoSymbol);
 }
 #endif /* HAVE_XKB */

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]