[PATCH] Revert "kinput: allocate enough space for null character."

Søren Sandmann sandmann at cs.au.dk
Sun Oct 7 11:53:25 PDT 2012 

Julien Cristau <jcristau at debian.org> writes:

> This reverts commit 531785dd746d64ef7f473a83ca73bb20e74b6fca.
>
> The above commit breaks Xephyr option parsing.  Andrzej writes:
>
>   Xephyr -retro -keybd evdev,,device=/dev/input/event2,xkbrules=evdev,xkbmodel=evdev,xkblayout=pl -mouse evdev,,device=/dev/input/event1 :3
>
>   results in:
>
>   <snip>
>   Pointer option key (device=) of value (/dev/input/event1) not assigned!
>   Kbd option key (device=) of value (/dev/input/event2) not assigned!
>   Kbd option key (xkbrules=) of value (evdev) not assigned!
>   Kbd option key (xkbmodel=) of value (evdev) not assigned!
>   Kbd option key (xkblayout=) of value (pl) not assigned!
>   <snip>
>
>   The effect of the patch is that the "key=value" pairs are parsed in such
>   a way that the key is added an "equals" sign to it and we end up with
>   keys like "device=" instead of "device". This in turn has effect on
>   KdParsePointerOptions and KdParseKbdOptions: the key does not match
>   any choice presented in the "switch" statement, and so "Pointer/Kbd
>   option key (...) of value (...) not assigned!" happens, making all
>   "key=value" options inaccessible to the user. Reverting the patch makes
>   them available again.
>
> Reference: http://bugs.debian.org/689246
> Reported-by: Andrzej Pietrasiewicz <andrzejtp2010 at gmail.com>
> Signed-off-by: Julien Cristau <jcristau at debian.org>
> Cc: Dave Airlie <airlied at redhat.com>
> ---
>  hw/kdrive/src/kinput.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/kdrive/src/kinput.c b/hw/kdrive/src/kinput.c
> index d35dcf8..b1068bb 100644
> --- a/hw/kdrive/src/kinput.c
> +++ b/hw/kdrive/src/kinput.c
> @@ -1034,7 +1034,7 @@ KdGetOptions(InputOption **options, char *string)
>  
>      if (strchr(string, '=')) {
>          tam_key = (strchr(string, '=') - string);
> -        key = strndup(string, tam_key + 1);
> +        key = strndup(string, tam_key);
>          if (!key)
>              goto out;

Reviewed-by: Søren Sandmann <ssp at redhat.com>

strndup() returns newly allocated memory, and it will make sure to
allocate enough space for the 0 terminator.

It looks like this is a mismerge. The patch that was originally posted:

    http://lists.x.org/archives/xorg-devel/2011-October/026461.html

was correctly changing malloc(n)/strncpy() to malloc(n+1)/strncpy(), but
in the meantime the malloc(n)/strncpy() was correctly changed to use
strndup(). And then the malloc(n+1)/strncpy() patch mutated into an
incorrect strndup(n+1).


Søren

More information about the xorg-devel mailing list