From 7ce3ce4be46087f9cc57cb415875abaaa961f734 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Sat, 4 May 2013 09:21:14 -0700 Subject: Use _XEatDataWords to avoid overflow of _XEatData calculations rep.length is a CARD32, so rep.length << 2 could overflow in 32-bit builds Signed-off-by: Alan Coopersmith --- configure.ac | 6 ++++++ src/Xinerama.c | 19 ++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index e335508..046a1aa 100644 --- a/configure.ac +++ b/configure.ac @@ -42,6 +42,12 @@ XORG_CHECK_MALLOC_ZERO # Obtain compiler/linker options for depedencies PKG_CHECK_MODULES(XINERAMA, x11 xext xextproto [xineramaproto >= 1.1.99.1]) +# Check for _XEatDataWords function that may be patched into older Xlib releases +SAVE_LIBS="$LIBS" +LIBS="$XINERAMA_LIBS" +AC_CHECK_FUNCS([_XEatDataWords]) +LIBS="$SAVE_LIBS" + # Allow checking code with lint, sparse, etc. XORG_WITH_LINT LINT_FLAGS="${LINT_FLAGS} ${XINERAMA_CFLAGS}" diff --git a/src/Xinerama.c b/src/Xinerama.c index 7d7e4d8..04189b6 100644 --- a/src/Xinerama.c +++ b/src/Xinerama.c @@ -23,6 +23,10 @@ dealings in this Software without prior written authorization from Digital Equipment Corporation. ******************************************************************/ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include #include #include @@ -31,6 +35,19 @@ Equipment Corporation. #include #include +#ifndef HAVE__XEATDATAWORDS +#include /* for LONG64 on 64-bit platforms */ +#include + +static inline void _XEatDataWords(Display *dpy, unsigned long n) +{ +# ifndef LONG64 + if (n >= (ULONG_MAX >> 2)) + _XIOError(dpy); +# endif + _XEatData (dpy, n << 2); +} +#endif static XExtensionInfo _panoramiX_ext_info_data; static XExtensionInfo *panoramiX_ext_info = &_panoramiX_ext_info_data; @@ -302,7 +319,7 @@ XineramaQueryScreens( *number = rep.number; } else - _XEatData(dpy, rep.length << 2); + _XEatDataWords(dpy, rep.length); } else { *number = 0; } -- cgit v1.2.1