[PATCH][RESEND] xkb: Allocate size_syms correctly when width of a type increases
Peter Hutterer
peter.hutterer at who-t.net
Sun Jun 3 18:26:47 PDT 2012
On Tue, May 29, 2012 at 10:17:50AM +0530, Siddhesh Poyarekar wrote:
> The current code seems to skip syms with width less than
> type->num_levels when calculating the total size for the new
> size_syms. This leads to less space being allocated than necessary
> during the next phase, which is to copy over the syms to the new
> location. This results in an overflow leading to a crash.
>
> Signed-off-by: Siddhesh Poyarekar <siddhesh.poyarekar at gmail.com>
> ---
> xkb/XKBMAlloc.c | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/xkb/XKBMAlloc.c b/xkb/XKBMAlloc.c
> index 645e905..3ffd5da 100644
> --- a/xkb/XKBMAlloc.c
> +++ b/xkb/XKBMAlloc.c
> @@ -375,8 +375,10 @@ XkbResizeKeyType(XkbDescPtr xkb,
> nResize = 0;
> for (nTotal = 1, i = xkb->min_key_code; i <= xkb->max_key_code; i++) {
> width = XkbKeyGroupsWidth(xkb, i);
> - if (width < type->num_levels)
> + if (width < type->num_levels || width >= new_num_lvls) {
> + nTotal += XkbKeyNumSyms(xkb,i);
> continue;
> + }
> for (match = 0, g = XkbKeyNumGroups(xkb, i) - 1;
> (g >= 0) && (!match); g--) {
> if (XkbKeyKeyTypeIndex(xkb, i, g) == type_ndx) {
> @@ -384,7 +386,7 @@ XkbResizeKeyType(XkbDescPtr xkb,
> match = 1;
> }
> }
> - if ((!match) || (width >= new_num_lvls))
> + if (!match)
> nTotal += XkbKeyNumSyms(xkb, i);
> else {
> nTotal += XkbKeyNumGroups(xkb, i) * new_num_lvls;
> --
>
> This problem is reproducible on RHEL-5 by using XDMCP query to connect to
> a RHEL-6 server since the keymaps generated are different on RHEL-5 and
> RHEL-6 (and hence the need to adjust the keymap). The code around this
> has not changed much since RHEL-5 so I believe this fix should be
> relevant upstream too.
thanks, merged and will be upstream soon.
Cheers,
Peter
More information about the xorg-devel
mailing list