[PATCH v2 2/7] xkb: Fix possible NULL pointer dereference
Pauli Nieminen
ext-pauli.nieminen at nokia.com
Wed Jul 28 12:47:02 PDT 2010
changes is dereferenced unconditionally later on in the function. Because
XkbUpdateKeyTypesFromCore is an exported function, its parameters should be
checked for driver errors.
Fixes:
Variable "changes" tracked as NULL was dereferenced.
Signed-off-by: Pauli Nieminen <ext-pauli.nieminen at nokia.com>
---
Added NULL check for changes because it deferenced unconditionaly in
function that can be called by drivers.
xkb/xkbUtils.c | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c
index 14dc784..bf0affb 100644
--- a/xkb/xkbUtils.c
+++ b/xkb/xkbUtils.c
@@ -223,16 +223,19 @@ XkbDescPtr xkb;
unsigned key,nG,explicit;
int types[XkbNumKbdGroups];
KeySym tsyms[XkbMaxSymsPerKey],*syms;
-XkbMapChangesPtr mc;
+
+ if (!changes) {
+ LogMessage(X_ERROR, "XKB: XkbUpdateKeyTypesFromCore without changes\n");
+ return;
+ }
xkb= pXDev->key->xkbInfo->desc;
+
if (first+num-1>xkb->max_key_code) {
/* 1/12/95 (ef) -- XXX! should allow XKB structures to grow */
num= xkb->max_key_code-first+1;
}
- mc= (changes?(&changes->map):NULL);
-
syms= &pCore->map[(first - pCore->minKeyCode) * pCore->mapWidth];
for (key=first; key<(first+num); key++,syms+= pCore->mapWidth) {
explicit= xkb->server->explicit[key]&XkbExplicitKeyTypesMask;
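Review bot: The new guard validates only `changes`, but the statement right after it dereferences `pXDev->key->xkbInfo->desc`, and the loop setup reads `pCore->map`, `pCore->minKeyCode` and `pCore->mapWidth` unchecked. The commit message's driver-error rationale covers those parameters as well, so consider widening the test to `if (!changes || !pCore || !pXDev || !pXDev->key || !pXDev->key->xkbInfo) {` and making the log text generic. The range clamp below bounds only the upper end; if `first` can be smaller than `pCore->minKeyCode` (the parameter types are declared above the hunk, so this is inferred), `(first - pCore->minKeyCode) * pCore->mapWidth` points outside `pCore->map`, and a lower-bound check belongs next to the clamp. The early `return;` has no value, so the log line is the only failure signal a caller gets. The function's signature and closing brace are outside this hunk.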
@@ -242,7 +245,7 @@ XkbMapChangesPtr mc;
types[XkbGroup4Index]= XkbKeyKeyTypeIndex(xkb,key,XkbGroup4Index);
nG= XkbKeyTypesForCoreSymbols(xkb,pCore->mapWidth,syms,explicit,types,
tsyms);
- XkbChangeTypesOfKey(xkb,key,nG,XkbAllGroupsMask,types,mc);
+ XkbChangeTypesOfKey(xkb,key,nG,XkbAllGroupsMask,types,&changes->map);
memcpy((char *)XkbKeySymsPtr(xkb,key),(char *)tsyms,
XkbKeyNumSyms(xkb,key)*sizeof(KeySym));
}
--
1.6.3.3