Prevent out-of-bounds access in check_butmap_change (#1061466)
This commit is contained in:
Peter Hutterer
parent
0988cc4f36
commit
9804384192
@ -0,0 +1,37 @@
|
|||||||
|
From 554814642e7c927d0c10cdc8a33067c076b159ed Mon Sep 17 00:00:00 2001
|
||||||
|
From: Peter Hutterer <peter.hutterer@who-t.net>
|
||||||
|
Date: Fri, 24 Jan 2014 18:16:54 +1000
|
||||||
|
Subject: [PATCH 1/3] dix: fix button state check before changing a button
|
||||||
|
mapping
|
||||||
|
|
||||||
|
dev->button->down is a bitmask, not a normal array. Use the helper function to
|
||||||
|
check, we technically allow the mapping to change after the physical button
|
||||||
|
has been pressed (but not yet processed yet), so only check BUTTON_PROCESSED.
|
||||||
|
|
||||||
|
From XSetPointerMapping(3):
|
||||||
|
"If any of the buttons to be altered are logically in the down state,
|
||||||
|
XSetPointerMapping returns MappingBusy, and the mapping is not changed."
|
||||||
|
|
||||||
|
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
|
||||||
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
||||||
|
---
|
||||||
|
dix/inpututils.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/dix/inpututils.c b/dix/inpututils.c
|
||||||
|
index 3e1d75f..0cbb02b 100644
|
||||||
|
--- a/dix/inpututils.c
|
||||||
|
+++ b/dix/inpututils.c
|
||||||
|
@@ -60,7 +60,8 @@ check_butmap_change(DeviceIntPtr dev, CARD8 *map, int len, CARD32 *errval_out,
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i = 0; i < len; i++) {
|
||||||
|
- if (dev->button->map[i + 1] != map[i] && dev->button->down[i + 1])
|
||||||
|
+ if (dev->button->map[i + 1] != map[i] &&
|
||||||
|
+ button_is_down(dev, i + 1, BUTTON_PROCESSED))
|
||||||
|
return MappingBusy;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
1.8.4.2
|
||||||
|
|
||||||
@ -42,7 +42,7 @@
|
|||||||
Summary: X.Org X11 X server
|
Summary: X.Org X11 X server
|
||||||
Name: xorg-x11-server
|
Name: xorg-x11-server
|
||||||
Version: 1.15.0
|
Version: 1.15.0
|
||||||
Release: 2%{?gitdate:.%{gitdate}}%{dist}
|
Release: 3%{?gitdate:.%{gitdate}}%{dist}
|
||||||
URL: http://www.x.org
|
URL: http://www.x.org
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: User Interface/X
|
Group: User Interface/X
|
||||||
@ -141,6 +141,9 @@ Patch9002: 0001-xwayland-Just-send-the-bounding-box-of-the-damage.patch
|
|||||||
# submitted: http://lists.x.org/archives/xorg-devel/2013-October/037996.html
|
# submitted: http://lists.x.org/archives/xorg-devel/2013-October/037996.html
|
||||||
Patch9100: exa-only-draw-valid-trapezoids.patch
|
Patch9100: exa-only-draw-valid-trapezoids.patch
|
||||||
|
|
||||||
|
# in pull request http://patchwork.freedesktop.org/patch/19468/
|
||||||
|
Patch9103: 0001-dix-fix-button-state-check-before-changing-a-button-.patch
|
||||||
|
|
||||||
%global moduledir %{_libdir}/xorg/modules
|
%global moduledir %{_libdir}/xorg/modules
|
||||||
%global drimoduledir %{_libdir}/dri
|
%global drimoduledir %{_libdir}/dri
|
||||||
%global sdkdir %{_includedir}/xorg
|
%global sdkdir %{_includedir}/xorg
|
||||||
@ -636,6 +639,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{xserver_source_dir}
|
%{xserver_source_dir}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 05 2014 Peter Hutterer <peter.hutterer@redhat.com> 1.15.0-3
|
||||||
|
- Prevent out-of-bounds access in check_butmap_change (#1061466)
|
||||||
|
|
||||||
* Tue Jan 14 2014 Adam Jackson <ajax@redhat.com> 1.15.0-2
|
* Tue Jan 14 2014 Adam Jackson <ajax@redhat.com> 1.15.0-2
|
||||||
- exa-only-draw-valid-trapezoids.patch: Fix crash in exa.
|
- exa-only-draw-valid-trapezoids.patch: Fix crash in exa.
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user