From 6d54f4608db0b37840eb4bd0df11003c31d4ffff Mon Sep 17 00:00:00 2001
From: "Carsten Haitzler (Rasterman)"
Date: Sat, 20 Apr 2013 10:31:01 +0900
Subject: [PATCH] fix 64bit ecore-x selection overrun bug.
---
 ChangeLog | 7 +++++++
 NEWS | 1 +
 src/lib/ecore_x/xcb/ecore_xcb_selection.c | 4 ++--
 src/lib/ecore_x/xlib/ecore_x_selection.c | 4 ++--
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 977431f40e..927dcc86a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,13 @@
 * Edje: When selected word exists, selection is cleared and cursor remains on the current edje_entry by additional key input.
+2013-04-20 Carsten Haitzler (The Rasterman)
+
+ * Ecore-X: Fix selection parser to not use longs - wrong on
+ 64bit as the rest of ecore-x keeps types to their REAL sizes (ints),
+ but xlib uses longs (change size - eg 64bit even though protocol-wise
+ the data is DEFINEd as 32bit)
+
 2013-04-19 Jihoon Kim (jihoon)
 * Edje: Remove code to call ecore_imf_context_reset in case of pressing ESC, Return key
diff --git a/NEWS b/NEWS
index 17ede5ab1c..d788220c29 100644
--- a/NEWS
+++ b/NEWS
@@ -252,3 +252,4 @@ Fixes:
 * Evas: Fix evas gl_x11 in 16bpp and lower depths than 24/32 bpp.
 * Edje: Fix useless ecore_imf_context_reset call in case of pressing ESC and Return key
 * Edje: When selected word exists, selection is cleared and cursor remains on the current entry by additional key input.
+ * Ecore-X: Fix selection parser to not overrun buffer read by using longs on 64bit.
diff --git a/src/lib/ecore_x/xcb/ecore_xcb_selection.c b/src/lib/ecore_x/xcb/ecore_xcb_selection.c
index 1a5b539705..8be1f97fe1 100644
--- a/src/lib/ecore_x/xcb/ecore_xcb_selection.c
+++ b/src/lib/ecore_x/xcb/ecore_xcb_selection.c
@@ -865,13 +865,13 @@ _ecore_xcb_selection_parser_targets(const char *target EINA_UNUSED,
 int format EINA_UNUSED)
 {
 Ecore_X_Selection_Data_Targets *sel;
- unsigned long *targets;
+ int *targets;
 int i = 0;
 LOGFN(__FILE__, __LINE__, __FUNCTION__);
 CHECK_XCB_CONN;
- if (!(targets = (unsigned long *)data)) return NULL;
+ if (!(targets = data)) return NULL;
 sel = calloc(1, sizeof(Ecore_X_Selection_Data_Targets));
 if (!sel) return NULL;
diff --git a/src/lib/ecore_x/xlib/ecore_x_selection.c b/src/lib/ecore_x/xlib/ecore_x_selection.c
index 60cf2cf1a7..3c1b70cabb 100644
--- a/src/lib/ecore_x/xlib/ecore_x_selection.c
+++ b/src/lib/ecore_x/xlib/ecore_x_selection.c
@@ -959,12 +959,12 @@ _ecore_x_selection_parser_targets(const char *target EINA_UNUSED,
 int format EINA_UNUSED)
 {
 Ecore_X_Selection_Data_Targets *sel;
- unsigned long *targets;
+ int *targets;
 int i;
 sel = calloc(1, sizeof(Ecore_X_Selection_Data_Targets));
 if (!sel) return NULL;
- targets = (unsigned long *)data;
+ targets = data;
 sel->num_targets = size - 2;
 sel->targets = malloc((size - 2) * sizeof(char *));
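Review bot: In src/lib/ecore_x/xcb/ecore_xcb_selection.c the new `int *targets;` reads the buffer as signed ints, although the elements are presumably X atoms (this parses a TARGETS reply), which are unsigned 32-bit values. `unsigned int *targets;` would match the data; the same declaration appears in the xlib hunk. The over-read fix holds only while `data` is packed as 32-bit elements, which is decided outside this hunk. A comment at the assignment, such as `/* data is an array of 32-bit atoms, not Xlib longs */`, would record that assumption for the next change. The function body starts and ends outside the hunk.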
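Review bot: In src/lib/ecore_x/xlib/ecore_x_selection.c the trailing context lines use `size - 2` for both `sel->num_targets` and the `malloc` length with no lower bound on `size`; this commit narrows the element type but leaves that unchecked. `size` appears to describe selection data supplied by another client, so if it can be below 2 the count goes negative and the multiplication by `sizeof(char *)` converts to a very large `size_t`. A guard ahead of the allocation, `if (size < 2) { free(sel); return NULL; }`, would bound it. The `malloc` result also needs a NULL check if the code after the hunk does not already have one. The function body continues outside the hunk.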