forked from enlightenment/efl
efl_ui_selection_manager: fix potential out of bounce access
Summary: We have been casting the selection to unsigned char * for the address of sel and not for the value. Coverity pointed this out: Overrunning buffer pointed to by (unsigned char *)&sel of 8 bytes by passing it to a function which accesses it at byte offset 167 using argument 168 It seems this has been working by memory layout and luck if I understand it all correctly. Coverity ID: 1402666 Reviewers: thiepha, raster, zmike Reviewed By: zmike Subscribers: cedric, #reviewers, #committers Tags: #efl Differential Revision: https://phab.enlightenment.org/D10107
This commit is contained in:
parent
91f18dc427
commit
351072711c
|
@ -1483,7 +1483,7 @@ _x11_efl_sel_manager_drag_start(Eo *obj EINA_UNUSED, Efl_Ui_Selection_Manager_Da
|
||||||
/* TODO BUG: should increase dnd-awareness, in case it's drop target as well. See _x11_drag_mouse_up() */
|
/* TODO BUG: should increase dnd-awareness, in case it's drop target as well. See _x11_drag_mouse_up() */
|
||||||
ecore_x_dnd_aware_set(xwin, EINA_TRUE);
|
ecore_x_dnd_aware_set(xwin, EINA_TRUE);
|
||||||
ecore_x_dnd_callback_pos_update_set(_x11_drag_move, seat_sel);
|
ecore_x_dnd_callback_pos_update_set(_x11_drag_move, seat_sel);
|
||||||
ecore_x_dnd_self_begin(xwin, (unsigned char *)&sel, sizeof(Sel_Manager_Selection));
|
ecore_x_dnd_self_begin(xwin, (unsigned char *)sel, sizeof(Sel_Manager_Selection));
|
||||||
actx = _x11_dnd_action_rev_map(seat_sel->drag_action);
|
actx = _x11_dnd_action_rev_map(seat_sel->drag_action);
|
||||||
ecore_x_dnd_source_action_set(actx);
|
ecore_x_dnd_source_action_set(actx);
|
||||||
ecore_x_pointer_grab(xwin);
|
ecore_x_pointer_grab(xwin);
|
||||||
|
|
Loading…
Reference in New Issue