From 351072711cbdea756421f22abc2382bc98e95e57 Mon Sep 17 00:00:00 2001
From: Stefan Schmidt
Date: Tue, 24 Sep 2019 16:56:48 -0400
Subject: [PATCH] efl_ui_selection_manager: fix potential out of bounce access
Summary: We have been casting the selection to unsigned char * for the address of sel and not for the value. Coverity pointed this out: Overrunning buffer pointed to by (unsigned char *)&sel of 8 bytes by passing it to a function which accesses it at byte offset 167 using argument 168 It seems this has been working by memory layout and luck if I understand it all correctly. Coverity ID: 1402666 Reviewers: thiepha, raster, zmike Reviewed By: zmike Subscribers: cedric, #reviewers, #committers Tags: #efl Differential Revision: https://phab.enlightenment.org/D10107
---
 src/lib/elementary/efl_ui_selection_manager.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/elementary/efl_ui_selection_manager.c b/src/lib/elementary/efl_ui_selection_manager.c
index 38b1766b9c..3d8e311580 100644
--- a/src/lib/elementary/efl_ui_selection_manager.c
+++ b/src/lib/elementary/efl_ui_selection_manager.c
@@ -1483,7 +1483,7 @@ _x11_efl_sel_manager_drag_start(Eo *obj EINA_UNUSED, Efl_Ui_Selection_Manager_Da
 /* TODO BUG: should increase dnd-awareness, in case it's drop target as well. See _x11_drag_mouse_up() */
 ecore_x_dnd_aware_set(xwin, EINA_TRUE);
 ecore_x_dnd_callback_pos_update_set(_x11_drag_move, seat_sel);
- ecore_x_dnd_self_begin(xwin, (unsigned char *)&sel, sizeof(Sel_Manager_Selection));
+ ecore_x_dnd_self_begin(xwin, (unsigned char *)sel, sizeof(Sel_Manager_Selection));
 actx = _x11_dnd_action_rev_map(seat_sel->drag_action);
 ecore_x_dnd_source_action_set(actx);
 ecore_x_pointer_grab(xwin);
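Review bot: The length passed to `ecore_x_dnd_self_begin()` is still spelled as a type name rather than derived from the object being passed, so the pointer and the size remain linked only by convention. The `(unsigned char *)` cast also silences the compiler, which is how `&sel` went unnoticed until Coverity flagged it. Writing the call as `ecore_x_dnd_self_begin(xwin, (unsigned char *)sel, sizeof(*sel));` keeps the byte count tied to what `sel` points at if its type ever changes. The body of `_x11_efl_sel_manager_drag_start` starts and ends outside the hunk, so whether `sel` is checked for NULL before this call is not visible here and is worth confirming, since the callee presumably reads `size` bytes through it.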