Hello community,
here is the log from the commit of package libXtst for openSUSE:Factory checked in at 2016-11-05 21:22:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libXtst (Old)
and /work/SRC/openSUSE:Factory/.libXtst.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libXtst"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libXtst/libXtst.changes 2013-06-05 11:57:56.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.libXtst.new/libXtst.changes 2016-11-05 21:22:12.000000000 +0100
@@ -1,0 +2,12 @@
+Wed Nov 2 10:38:17 UTC 2016 - sndirsch@suse.com
+
+- tagged baselibs.conf as source in specfile
+
+-------------------------------------------------------------------
+Sat Oct 29 00:00:07 UTC 2016 - tobias.johannes.klausmann@mni.thm.de
+
+- Update to version 1.2.3:
+ + Remove fallback for _XEatDataWords, require libX11 1.6 for it
+ + Out of boundary access and endless loop in libXtst
+
+-------------------------------------------------------------------
Old:
----
libXtst-1.2.2.tar.bz2
New:
----
libXtst-1.2.3.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libXtst.spec ++++++
--- /var/tmp/diff_new_pack.T6wVZ9/_old 2016-11-05 21:22:13.000000000 +0100
+++ /var/tmp/diff_new_pack.T6wVZ9/_new 2016-11-05 21:22:13.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libXtst
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
Name: libXtst
%define lname libXtst6
-Version: 1.2.2
+Version: 1.2.3
Release: 0
Summary: Xlib-based client API for the XTEST and RECORD extensions
License: MIT
@@ -28,7 +28,7 @@
#Git-Clone: git://anongit.freedesktop.org/xorg/lib/libXtst
#Git-Web: http://cgit.freedesktop.org/xorg/lib/libXtst/
Source: http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2
-
+Source1: baselibs.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-build
#git#BuildRequires: autoconf >= 2.60, automake, libtool
BuildRequires: fdupes
++++++ libXtst-1.2.2.tar.bz2 -> libXtst-1.2.3.tar.bz2 ++++++
++++ 16603 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXtst-1.2.2/ChangeLog new/libXtst-1.2.3/ChangeLog
--- old/libXtst-1.2.2/ChangeLog 2013-05-31 04:10:37.000000000 +0200
+++ new/libXtst-1.2.3/ChangeLog 2016-10-04 22:24:10.000000000 +0200
@@ -1,3 +1,47 @@
+commit 9f5621a410f18149d4c76b02daa7f1a98b4a2c16
+Author: Matthieu Herrb
+Date: Tue Oct 4 21:28:17 2016 +0200
+
+ libXtst 1.2.3
+
+ Signed-off-by: Matthieu Herrb
+
+commit 9556ad67af3129ec4a7a4f4b54a0d59701beeae3
+Author: Tobias Stoeckmann
+Date: Sun Sep 25 21:37:01 2016 +0200
+
+ Out of boundary access and endless loop in libXtst
+
+ A lack of range checks in libXtst allows out of boundary accesses.
+ The checks have to be done in-place here, because it cannot be done
+ without in-depth knowledge of the read data.
+
+ If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied
+ without a client sequence have attached data, an endless loop would
+ occur. The do-while-loop continues until the current index reaches
+ the end. But in these cases, the current index would not be
+ incremented, leading to an endless processing.
+
+ Signed-off-by: Tobias Stoeckmann
+ Reviewed-by: Matthieu Herrb
+
+commit 48d2656fa1dd98e9d88b31211fa4f09f813e7b30
+Author: Michael Joost
+Date: Mon Nov 18 16:11:26 2013 +0100
+
+ Remove fallback for _XEatDataWords, require libX11 1.6 for it
+
+ _XEatDataWords was orignally introduced with the May 2013 security
+ patches, and in order to ease the process of delivering those,
+ fallback versions of _XEatDataWords were included in the X extension
+ library patches so they could be applied to older versions that didn't
+ have libX11 1.6 yet. Now that we're past that hurdle, we can drop
+ the fallbacks and just require libX11 1.6 for building new versions
+ of the extension libraries.
+
+ Reviewed-by: Alan Coopersmith
+ Signed-off-by: Alan Coopersmith
+
commit cdc04f06325e55916e0c95b61db626d22b76e2ff
Author: Alan Coopersmith
Date: Thu May 30 19:09:42 2013 -0700
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXtst-1.2.2/compile new/libXtst-1.2.3/compile
--- old/libXtst-1.2.2/compile 1970-01-01 01:00:00.000000000 +0100
+++ new/libXtst-1.2.3/compile 2016-10-04 00:55:12.000000000 +0200
@@ -0,0 +1,347 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand '-c -o'.
+
+scriptversion=2012-10-14.11; # UTC
+
+# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+# Written by Tom Tromey .
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to or send patches to
+# .
+
+nl='
+'
+
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent tools from complaining about whitespace usage.
+IFS=" "" $nl"
+
+file_conv=
+
+# func_file_conv build_file lazy
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts. If the determined conversion
+# type is listed in (the comma separated) LAZY, no conversion will
+# take place.
+func_file_conv ()
+{
+ file=$1
+ case $file in
+ / | /[!/]*) # absolute file, and not a UNC file
+ if test -z "$file_conv"; then
+ # lazily determine how to convert abs files
+ case `uname -s` in
+ MINGW*)
+ file_conv=mingw
+ ;;
+ CYGWIN*)
+ file_conv=cygwin
+ ;;
+ *)
+ file_conv=wine
+ ;;
+ esac
+ fi
+ case $file_conv/,$2, in
+ *,$file_conv,*)
+ ;;
+ mingw/*)
+ file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+ ;;
+ cygwin/*)
+ file=`cygpath -m "$file" || echo "$file"`
+ ;;
+ wine/*)
+ file=`winepath -w "$file" || echo "$file"`
+ ;;
+ esac
+ ;;
+ esac
+}
+
+# func_cl_dashL linkdir
+# Make cl look for libraries in LINKDIR
+func_cl_dashL ()
+{
+ func_file_conv "$1"
+ if test -z "$lib_path"; then
+ lib_path=$file
+ else
+ lib_path="$lib_path;$file"
+ fi
+ linker_opts="$linker_opts -LIBPATH:$file"
+}
+
+# func_cl_dashl library
+# Do a library search-path lookup for cl
+func_cl_dashl ()
+{
+ lib=$1
+ found=no
+ save_IFS=$IFS
+ IFS=';'
+ for dir in $lib_path $LIB
+ do
+ IFS=$save_IFS
+ if $shared && test -f "$dir/$lib.dll.lib"; then
+ found=yes
+ lib=$dir/$lib.dll.lib
+ break
+ fi
+ if test -f "$dir/$lib.lib"; then
+ found=yes
+ lib=$dir/$lib.lib
+ break
+ fi
+ if test -f "$dir/lib$lib.a"; then
+ found=yes
+ lib=$dir/lib$lib.a
+ break
+ fi
+ done
+ IFS=$save_IFS
+
+ if test "$found" != yes; then
+ lib=$lib.lib
+ fi
+}
+
+# func_cl_wrapper cl arg...
+# Adjust compile command to suit cl
+func_cl_wrapper ()
+{
+ # Assume a capable shell
+ lib_path=
+ shared=:
+ linker_opts=
+ for arg
+ do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ eat=1
+ case $2 in
+ *.o | *.[oO][bB][jJ])
+ func_file_conv "$2"
+ set x "$@" -Fo"$file"
+ shift
+ ;;
+ *)
+ func_file_conv "$2"
+ set x "$@" -Fe"$file"
+ shift
+ ;;
+ esac
+ ;;
+ -I)
+ eat=1
+ func_file_conv "$2" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -I*)
+ func_file_conv "${1#-I}" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -l)
+ eat=1
+ func_cl_dashl "$2"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -l*)
+ func_cl_dashl "${1#-l}"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -L)
+ eat=1
+ func_cl_dashL "$2"
+ ;;
+ -L*)
+ func_cl_dashL "${1#-L}"
+ ;;
+ -static)
+ shared=false
+ ;;
+ -Wl,*)
+ arg=${1#-Wl,}
+ save_ifs="$IFS"; IFS=','
+ for flag in $arg; do
+ IFS="$save_ifs"
+ linker_opts="$linker_opts $flag"
+ done
+ IFS="$save_ifs"
+ ;;
+ -Xlinker)
+ eat=1
+ linker_opts="$linker_opts $2"
+ ;;
+ -*)
+ set x "$@" "$1"
+ shift
+ ;;
+ *.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
+ func_file_conv "$1"
+ set x "$@" -Tp"$file"
+ shift
+ ;;
+ *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
+ func_file_conv "$1" mingw
+ set x "$@" "$file"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+ done
+ if test -n "$linker_opts"; then
+ linker_opts="-link$linker_opts"
+ fi
+ exec "$@" $linker_opts
+ exit 1
+}
+
+eat=
+
+case $1 in
+ '')
+ echo "$0: No command. Try '$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand '-c -o'.
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file 'INSTALL'.
+
+Report bugs to .
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "compile $scriptversion"
+ exit $?
+ ;;
+ cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+ func_cl_wrapper "$@" # Doesn't return...
+ ;;
+esac
+
+ofile=
+cfile=
+
+for arg
+do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ # So we strip '-o arg' only if arg is an object.
+ eat=1
+ case $2 in
+ *.o | *.obj)
+ ofile=$2
+ ;;
+ *)
+ set x "$@" -o "$2"
+ shift
+ ;;
+ esac
+ ;;
+ *.c)
+ cfile=$1
+ set x "$@" "$1"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+ # If no '-o' option was seen then we might have been invoked from a
+ # pattern rule where we don't need one. That is ok -- this is a
+ # normal compilation that the losing compiler can handle. If no
+ # '.c' file was seen then we are probably linking. That is also
+ # ok.
+ exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use '[/\\:.-]' here to ensure that we don't use the same name
+# that we are using for the .o file. Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
+while true; do
+ if mkdir "$lockdir" >/dev/null 2>&1; then
+ break
+ fi
+ sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+ test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+ test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXtst-1.2.2/config.h.in new/libXtst-1.2.3/config.h.in
--- old/libXtst-1.2.2/config.h.in 2013-05-31 04:09:57.000000000 +0200
+++ new/libXtst-1.2.3/config.h.in 2016-10-04 21:25:55.000000000 +0200
@@ -30,9 +30,6 @@
/* Define to 1 if you have the header file. */
#undef HAVE_UNISTD_H
-/* Define to 1 if you have the `_XEatDataWords' function. */
-#undef HAVE__XEATDATAWORDS
-
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
#undef LT_OBJDIR
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXtst-1.2.2/configure.ac new/libXtst-1.2.3/configure.ac
--- old/libXtst-1.2.2/configure.ac 2013-05-31 04:09:49.000000000 +0200
+++ new/libXtst-1.2.3/configure.ac 2016-10-04 21:25:18.000000000 +0200
@@ -22,7 +22,7 @@
# Initialize Autoconf
AC_PREREQ([2.60])
-AC_INIT([libXtst], [1.2.2],
+AC_INIT([libXtst], [1.2.3],
[https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXtst])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_HEADERS([config.h])
@@ -45,13 +45,7 @@
XORG_CHECK_SGML_DOCTOOLS(1.8)
# Obtain compiler/linker options for depedencies
-PKG_CHECK_MODULES(XTST, x11 [xext >= 1.0.99.4] xi [recordproto >= 1.13.99.1] [xextproto >= 7.0.99.3] inputproto)
-
-# Check for _XEatDataWords function that may be patched into older Xlib release
-SAVE_LIBS="$LIBS"
-LIBS="$XTST_LIBS"
-AC_CHECK_FUNCS([_XEatDataWords])
-LIBS="$SAVE_LIBS"
+PKG_CHECK_MODULES(XTST, [x11 >= 1.6] [xext >= 1.0.99.4] xi [recordproto >= 1.13.99.1] [xextproto >= 7.0.99.3] inputproto)
# Determine if the source for man pages is available
# It may already be present (tarball) or can be generated using xmlto
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXtst-1.2.2/man/XTestQueryExtension.man new/libXtst-1.2.3/man/XTestQueryExtension.man
--- old/libXtst-1.2.2/man/XTestQueryExtension.man 2013-05-31 04:10:19.000000000 +0200
+++ new/libXtst-1.2.3/man/XTestQueryExtension.man 2016-10-04 21:25:56.000000000 +0200
@@ -1,7 +1,7 @@
'\" t
.\" Title: XTest
.\" Author: Kieron Drake
-.\" Generator: DocBook XSL Stylesheets vsnapshot_9276 http://docbook.sf.net/
+.\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/
.\" Date: <pubdate>6 June 2007</pubdate>
.\" Manual: XTST FUNCTIONS
.\" Source: __xorgversion__
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXtst-1.2.2/missing new/libXtst-1.2.3/missing
--- old/libXtst-1.2.2/missing 2013-05-31 04:09:58.000000000 +0200
+++ new/libXtst-1.2.3/missing 2016-10-04 00:55:12.000000000 +0200
@@ -1,7 +1,7 @@
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
-scriptversion=2012-06-26.16; # UTC
+scriptversion=2013-10-28.13; # UTC
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard , 1996.
@@ -160,7 +160,7 @@
;;
autom4te*)
echo "You might have modified some maintainer files that require"
- echo "the 'automa4te' program to be rebuilt."
+ echo "the 'autom4te' program to be rebuilt."
program_details 'autom4te'
;;
bison*|yacc*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXtst-1.2.2/src/XRecord.c new/libXtst-1.2.3/src/XRecord.c
--- old/libXtst-1.2.2/src/XRecord.c 2013-05-31 04:09:49.000000000 +0200
+++ new/libXtst-1.2.3/src/XRecord.c 2016-09-23 09:56:49.000000000 +0200
@@ -61,17 +61,6 @@
#include
#include
-#ifndef HAVE__XEATDATAWORDS
-static inline void _XEatDataWords(Display *dpy, unsigned long n)
-{
-# ifndef LONG64
- if (n >= (ULONG_MAX >> 2))
- _XIOError(dpy);
-# endif
- _XEatData (dpy, n << 2);
-}
-#endif
-
static XExtensionInfo _xrecord_info_data;
static XExtensionInfo *xrecord_info = &_xrecord_info_data;
static const char *xrecord_extension_name = RECORD_NAME;
@@ -760,15 +749,23 @@
switch (rep->category) {
case XRecordFromServer:
if (rep->elementHeader&XRecordFromServerTime) {
+ if (current_index + 4 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index,
data->server_time);
current_index += 4;
}
+ if (current_index + 1 > rep->length << 2)
+ return Error;
switch (reply->buf[current_index]) {
case X_Reply: /* reply */
+ if (current_index + 8 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index+4, datum_bytes);
+ if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8))
+ return Error;
datum_bytes = (datum_bytes+8) << 2;
break;
default: /* error or event */
@@ -777,52 +774,73 @@
break;
case XRecordFromClient:
if (rep->elementHeader&XRecordFromClientTime) {
+ if (current_index + 4 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index,
data->server_time);
current_index += 4;
}
if (rep->elementHeader&XRecordFromClientSequence) {
+ if (current_index + 4 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index,
data->client_seq);
current_index += 4;
}
+ if (current_index + 4 > rep->length<<2)
+ return Error;
if (reply->buf[current_index+2] == 0
&& reply->buf[current_index+3] == 0) /* needn't swap 0 */
{ /* BIG-REQUESTS */
+ if (current_index + 8 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index+4, datum_bytes);
} else {
EXTRACT_CARD16(rep->clientSwapped,
reply->buf+current_index+2, datum_bytes);
}
+ if (datum_bytes < 0 || datum_bytes > INT_MAX >> 2)
+ return Error;
datum_bytes <<= 2;
break;
case XRecordClientStarted:
+ if (current_index + 8 > rep->length << 2)
+ return Error;
EXTRACT_CARD16(rep->clientSwapped,
reply->buf+current_index+6, datum_bytes);
datum_bytes = (datum_bytes+2) << 2;
break;
case XRecordClientDied:
if (rep->elementHeader&XRecordFromClientSequence) {
+ if (current_index + 4 > rep->length << 2)
+ return Error;
EXTRACT_CARD32(rep->clientSwapped,
reply->buf+current_index,
data->client_seq);
current_index += 4;
- }
- /* fall through */
+ } else if (current_index < rep->length << 2)
+ return Error;
+ datum_bytes = 0;
+ break;
case XRecordStartOfData:
case XRecordEndOfData:
+ if (current_index < rep->length << 2)
+ return Error;
datum_bytes = 0;
+ break;
}
if (datum_bytes > 0) {
- if (current_index + datum_bytes > rep->length << 2)
+ if (INT_MAX - datum_bytes < (rep->length << 2) - current_index) {
fprintf(stderr,
"XRecord: %lu-byte reply claims %d-byte element (seq %lu)\n",
- (long)rep->length << 2, current_index + datum_bytes,
+ (unsigned long)rep->length << 2, current_index + datum_bytes,
dpy->last_request_read);
+ return Error;
+ }
/*
* This assignment (and indeed the whole buffer sharing
* scheme) assumes arbitrary 4-byte boundaries are
@@ -872,6 +890,12 @@
UnlockDisplay(dpy);
SyncHandle();
return 0;
+ }
+
+ if (rep.length > INT_MAX >> 2) {
+ UnlockDisplay(dpy);
+ SyncHandle();
+ return 0;
}
if (rep.length > 0) {