Commit 752170e8 authored by Matthias Clasen's avatar Matthias Clasen

Fix an out-of-bounds access in MyEnhancedXkbTranslateKeyCode

Commits 314b6abb and eb9223c0 were ignoring
the fact that the code where found is set to 1 was modifying
col - which was an ok thing to do when that part of the code
was still breaking out of the loop, but it is no longer doing
that (since 2003 !). Fix things up by storing the final col
value in a separate variable and using that after the loop.

https://bugzilla.gnome.org/show_bug.cgi?id=738886
parent 8336d56a
......@@ -1058,6 +1058,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr xkb,
int col,nKeyGroups;
unsigned preserve,effectiveGroup;
KeySym *syms;
int found_col = 0;
if (mods_rtrn!=NULL)
*mods_rtrn = 0;
......@@ -1090,7 +1091,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr xkb,
break;
}
}
col= effectiveGroup*XkbKeyGroupsWidth(xkb,key);
found_col = col= effectiveGroup*XkbKeyGroupsWidth(xkb,key);
type = XkbKeyKeyType(xkb,key,effectiveGroup);
preserve= 0;
......@@ -1129,7 +1130,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr xkb,
}
if (!found && ((mods&type->mods.mask) == entry->mods.mask)) {
col+= entry->level;
found_col= col + entry->level;
if (type->preserve)
preserve= type->preserve[i].mask;
......@@ -1143,7 +1144,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr xkb,
}
if (keysym_rtrn!=NULL)
*keysym_rtrn= syms[col];
*keysym_rtrn= syms[found_col];
if (mods_rtrn) {
/* ---- Begin section modified for GDK ---- */
*mods_rtrn &= ~preserve;
......@@ -1175,7 +1176,7 @@ MyEnhancedXkbTranslateKeyCode(register XkbDescPtr xkb,
/* ---- End stuff GDK adds to the original Xlib version ---- */
return (syms[col] != NoSymbol);
return (syms[found_col] != NoSymbol);
}
#endif /* HAVE_XKB */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment