[PATCH 1/4] xprop: prevent accessing not available fields in conditionals
Bert Wesarg
bert.wesarg at googlemail.com
Thu Oct 20 07:23:25 PDT 2011
Having a format of 32c with two elemtents, and a dformat of '?$3=0(foo)'
would result in an invalid read past the thunks array. Handle references
to invalid fields as error while parsing the dformat.
Signed-off-by: Bert Wesarg <bert.wesarg at googlemail.com>
---
xprop.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/xprop.c b/xprop.c
index 4c4c702..04b4301 100644
--- a/xprop.c
+++ b/xprop.c
@@ -1220,9 +1220,10 @@ Scan_Term (const char *string, thunk *thunks, const char *format, long *value)
if (isdigit((unsigned char) *string))
string = Scan_Long(string, value);
else if (*string == '$') {
- string = Scan_Long(++string, &i);
+ const char *bad_string = string++;
+ string = Scan_Long(string, &i);
if (i >= thunks->thunk_count)
- i = thunks->thunk_count;
+ Fatal_Error("Bad field reference %d in conditional %s", (int) i, bad_string);
*value = thunks[i].value;
} else if (*string == 'm') {
string = Scan_Long(++string, &i);
--
1.7.7.759.gfc8c6
More information about the xorg-devel
mailing list