xkb: Allocate size_syms correctly when width of a type increases
The current code seems to skip syms with width less than type->num_levels when calculating the total size for the new size_syms. This leads to less space being allocated than necessary during the next phase, which is to copy over the syms to the new location. This results in an overflow leading to a crash. Signed-off-by: Siddhesh Poyarekar <siddhesh.poyarekar@gmail.com> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
parent
88c767edb0
commit
42ae2e8199
|
@ -375,8 +375,10 @@ XkbResizeKeyType(XkbDescPtr xkb,
|
||||||
nResize = 0;
|
nResize = 0;
|
||||||
for (nTotal = 1, i = xkb->min_key_code; i <= xkb->max_key_code; i++) {
|
for (nTotal = 1, i = xkb->min_key_code; i <= xkb->max_key_code; i++) {
|
||||||
width = XkbKeyGroupsWidth(xkb, i);
|
width = XkbKeyGroupsWidth(xkb, i);
|
||||||
if (width < type->num_levels)
|
if (width < type->num_levels || width >= new_num_lvls) {
|
||||||
|
nTotal += XkbKeyNumSyms(xkb,i);
|
||||||
continue;
|
continue;
|
||||||
|
}
|
||||||
for (match = 0, g = XkbKeyNumGroups(xkb, i) - 1;
|
for (match = 0, g = XkbKeyNumGroups(xkb, i) - 1;
|
||||||
(g >= 0) && (!match); g--) {
|
(g >= 0) && (!match); g--) {
|
||||||
if (XkbKeyKeyTypeIndex(xkb, i, g) == type_ndx) {
|
if (XkbKeyKeyTypeIndex(xkb, i, g) == type_ndx) {
|
||||||
|
@ -384,7 +386,7 @@ XkbResizeKeyType(XkbDescPtr xkb,
|
||||||
match = 1;
|
match = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ((!match) || (width >= new_num_lvls))
|
if (!match)
|
||||||
nTotal += XkbKeyNumSyms(xkb, i);
|
nTotal += XkbKeyNumSyms(xkb, i);
|
||||||
else {
|
else {
|
||||||
nTotal += XkbKeyNumGroups(xkb, i) * new_num_lvls;
|
nTotal += XkbKeyNumGroups(xkb, i) * new_num_lvls;
|
||||||
|
|
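Review bot: The early-exit added in the first hunk (`if (width < type->num_levels || width >= new_num_lvls) {`) folds two different reasons for leaving a key alone into one condition, and nothing in the code says why those keys must still be counted. That matters because the overflow this commit fixes came from the sizing pass and the later copy pass disagreeing about which keys consume space. I would put a comment directly above the check, for example `/* key is untouched by the resize, but its syms are still copied into the new array, so they must be counted */`. The copy loop is outside these hunks, so it should be confirmed that it classifies keys with the same three cases (skipped, no match, resized) as this loop. A cheap safeguard there would be to check that the running write offset never exceeds `nTotal` before each copy. The body of XkbResizeKeyType starts before and continues after the lines shown.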