Commit 6b1ccb8b authored by David Redondo's avatar David Redondo 🏎
Browse files

xwayland: Fix out of bounds write

Detected using ASAN, declaration of the type is:
typedef union xcb_client_message_data_t {
    uint8_t  data8[20];
    uint16_t data16[10];
    uint32_t data32[5];
} xcb_client_message_data_t;
parent 6a0fd1d6
Pipeline #128499 passed with stage
in 11 minutes and 57 seconds
......@@ -236,7 +236,9 @@ void Xvisit::sendEnter()
const auto mimeTypesNames = m_dataSource->mimeTypes();
const int mimesCount = mimeTypesNames.size();
size_t cnt = 0;
// Number of written entries in data32
size_t cnt = 2;
// Number of mimeTypes
size_t totalCnt = 0;
for (const auto &mimeName : mimeTypesNames) {
// 3 mimes and less can be sent directly in the XdndEnter message
......@@ -246,13 +248,13 @@ void Xvisit::sendEnter()
const auto atom = Selection::mimeTypeToAtom(mimeName);
if (atom != XCB_ATOM_NONE) {
data.data32[cnt + 2] = atom;
data.data32[cnt] = atom;
cnt++;
}
totalCnt++;
}
for (int i = cnt; i < 4; i++) {
data.data32[i + 2] = XCB_ATOM_NONE;
for (int i = cnt; i < 5; i++) {
data.data32[i] = XCB_ATOM_NONE;
}
if (mimesCount > 3) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment