libX11: Changes to 'master'
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Fri Feb 28 18:41:43 UTC 2025

 src/xkb/XKBAlloc.c  |  4 +++-
 src/xkb/XKBMAlloc.c |  8 +++++---
 src/xkb/XKBMisc.c   | 11 ++++++-----
 3 files changed, 14 insertions(+), 9 deletions(-)

New commits:
commit 5f8077b257ea27a5fd6f114d2bc15284b2416b3c
Author: Olivier Fourdan <ofourdan at redhat.com>
Date: Thu Nov 28 14:09:04 2024 +0100

xkb: Fix buffer overflow in XkbChangeTypesOfKey()

If XkbChangeTypesOfKey() is called with nGroups == 0, it will resize the
key syms to 0 but leave the key actions unchanged.

If later, the same function is called with a non-zero value for nGroups,
this will cause a buffer overflow because the key actions are of the wrong
size.

To avoid the issue, make sure to resize both the key syms and key actions
when nGroups is 0.

(cherry picked from xorg/xserver at 0e4ed94952b255c04fe910f6a1d9c852878dcd64)

Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/279>

commit 865fd56aeb5c5d1812cce46ed197873c48b08692
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sun Nov 1 15:45:08 2020 -0800

xkb: always set *mask_rtrn in XkbVirtualModsToReal

Resolves warning from Oracle Parfait static analyser:

Error: Uninitialised memory
Uninitialised memory variable [uninitialised-mem-var] (CWE 457):
Possible access to uninitialised memory referenced by variable 'mask'
at line 721 of xkb/XKBMisc.c in function 'XkbUpdateKeyTypeVirtualMods'.
Path in callee avoiding write at line 720
mask allocated at line 718

(cherry picked from xorg/xserver at a6574033f464c7cde02bce8f1b130ff6b2b2d9eb)

Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/279>

commit 88d1a84ca3c0f87ffcb83b9b96e34a7121d5e2d3
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sat Feb 22 11:59:13 2025 -0800

XkbChangeTypesOfKey: verify newTypesIn is not null before using it

Based on xorg/xserver at 97c9e6a7139e07a0761be05034fae42fcd65ba36

Fixes: 8ba0ca32 ("Janitor: ansification, make distcheck, compiler warnings.")
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/279>

commit 48a1335cab13d883e15b4eb5e9a5e080289a5c64
Author: Siddhesh Poyarekar <siddhesh.poyarekar at gmail.com>
Date: Tue May 29 10:17:50 2012 +0530

xkb: Allocate size_syms correctly when width of a type increases

The current code seems to skip syms with width less than
type->num_levels when calculating the total size for the new
size_syms. This leads to less space being allocated than necessary
during the next phase, which is to copy over the syms to the new
location. This results in an overflow leading to a crash.

(cherry picked from xorg/xserver at 42ae2e8199fe875319978249963de7499607988b)

Signed-off-by: Siddhesh Poyarekar <siddhesh.poyarekar at gmail.com>
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/279>

commit 158be3ebd7d1da4d16bfc2dee82aac477fbcb833
Author: Daniel Stone <daniel at fooishbar.org>
Date: Wed Mar 21 02:04:12 2007 +0200

XKB: Fix size_syms calculation bug

Apparently it needed to be nSyms*15/10, not *12/10; make it match the
other allocation code.

(cherry picked from xorg/xserver at f292de2ef13dc994a38029cee9e2642576893332)

Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/279>

commit d6e1ca046aef42ec5465ece5edbdffe0bc7c0cb6
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sat Feb 22 10:13:52 2025 -0800

XkbFreeKeyboard: set xkb->geom to NULL after freeing it

Because XkbFreeGeometry takes a pointer to the geometry structure,
and not the overall xkb structure like the other XkbFree*() calls,
the caller is responsible for clearing the xkb->geom pointer to
ensure it is not used after free.

Based on xorg/xserver at 629798c73ad76a77fa6a55bc6403fd9b95ade2bb

Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/lib/libx11/-/merge_requests/279>
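
The ownership problem described in the XkbFreeKeyboard commit above, as an added example: this is a simplified model written for this page, not libX11 code and not part of the commit mail. All type and function names are hypothetical, and a one-slot pool stands in for the heap so the stale pointer can be inspected without undefined behaviour.

```c
#include <stddef.h>

/* Simplified model; every name here is hypothetical, not libX11's. */
typedef struct { int in_use; int num_shapes; } Geom;
typedef struct { Geom *geom; } Kbd;

static Geom pool; /* one-slot pool standing in for the heap */

static Geom *geom_alloc(void) { pool.in_use = 1; pool.num_shapes = 3; return &pool; }

/* Receives only the member, as the commit says of XkbFreeGeometry, so it
 * has no way to reach the parent's field and clear it. */
static void geom_free(Geom *g) { g->in_use = 0; g->num_shapes = 0; }

/* Before: the parent keeps pointing at released storage. */
void kbd_free_geom_before(Kbd *k) {
    if (k->geom != NULL)
        geom_free(k->geom);
}

/* After: the caller clears its own field, so a repeat call is a no-op. */
void kbd_free_geom_after(Kbd *k) {
    if (k->geom != NULL) {
        geom_free(k->geom);
        k->geom = NULL;
    }
}

/* Returns 1 if the keyboard still references a released geometry. */
int stale_after(void (*release)(Kbd *)) {
    Kbd k = { geom_alloc() };
    release(&k);
    return k.geom != NULL && !k.geom->in_use;
}

/* Releases a's geometry twice with an allocation for b in between.
 * Returns 1 if b's geometry is still live afterwards. */
int other_owner_survives(void (*release)(Kbd *)) {
    Kbd a = { geom_alloc() };
    release(&a);
    Kbd b = { geom_alloc() }; /* slot is reused for a new owner */
    release(&a);              /* "before": stale a.geom aliases b.geom */
    return b.geom->in_use;
}

int main(void) {
    return !(stale_after(kbd_free_geom_before) == 1 &&
             other_owner_survives(kbd_free_geom_after) == 1);
}
```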