[PATCH] xkb: Do not use base group as an array index.

Peter Hutterer peter.hutterer at who-t.net
Wed Dec 19 17:40:38 PST 2012 

On Wed, Dec 19, 2012 at 06:13:21PM +0100, Andreas Wettstein wrote:
> The base group is not brought into range and, therefore, using it as an array
> index crashed the X server.  Also, at this place, we should ignore locked
> groups, but not latched groups.  Therefore, use sum of base and latched groups,
> brought into range.

is there some sort of test-case that triggers this issue reliable?

also, why do we ignore locked groups here? It'd be great to have some
explanation, this is code that hardly anyone knows inside-out, so having
this in the commit message would help a lot.

patch itself looks good though, but I'm lacking context here so I don't know
if there could be any side-effects.

Cheers,
   Peter

> 
> Signed-off-by: Andreas Wettstein <wettstein509 at solnet.ch>
> ---
>  xkb/xkbUtils.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c
> index c23cd77..6c6af60 100644
> --- a/xkb/xkbUtils.c
> +++ b/xkb/xkbUtils.c
> @@ -642,6 +642,7 @@ XkbComputeCompatState(XkbSrvInfoPtr xkbi)
>      CARD16 grp_mask;
>      XkbStatePtr state = &xkbi->state;
>      XkbCompatMapPtr map;
> +    XkbControlsPtr ctrls;
>  
>      if (!state || !xkbi->desc || !xkbi->desc->ctrls || !xkbi->desc->compat)
>          return;
> @@ -650,9 +651,14 @@ XkbComputeCompatState(XkbSrvInfoPtr xkbi)
>      grp_mask = map->groups[state->group].mask;
>      state->compat_state = state->mods | grp_mask;
>      state->compat_lookup_mods = state->lookup_mods | grp_mask;
> +    ctrls= xkbi->desc->ctrls;
>  
> -    if (xkbi->desc->ctrls->enabled_ctrls & XkbIgnoreGroupLockMask)
> -        grp_mask = map->groups[state->base_group].mask;
> +    if (ctrls->enabled_ctrls & XkbIgnoreGroupLockMask) {
> +	unsigned char grp = state->base_group+state->latched_group;
> +	if (grp >= ctrls->num_groups)
> +	    grp = XkbAdjustGroup(XkbCharToInt(grp), ctrls);
> +        grp_mask = map->groups[grp].mask;
> +    }
>      state->compat_grab_mods = state->grab_mods | grp_mask;
>      return;
>  }
> -- 
> 1.8.0
> 
> _______________________________________________
> xorg-devel at lists.x.org: X.Org development
> Archives: http://lists.x.org/archives/xorg-devel
> Info: http://lists.x.org/mailman/listinfo/xorg-devel
>

More information about the xorg-devel mailing list