Commit 42ae2e81 authored by Siddhesh Poyarekar's avatar Siddhesh Poyarekar Committed by Peter Hutterer

xkb: Allocate size_syms correctly when width of a type increases

The current code seems to skip syms with width less than
type->num_levels when calculating the total size for the new
size_syms. This leads to less space being allocated than necessary
during the next phase, which is to copy over the syms to the new
location. This results in an overflow leading to a crash.
Signed-off-by: default avatarSiddhesh Poyarekar <siddhesh.poyarekar@gmail.com>
Signed-off-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
parent 88c767ed
......@@ -375,8 +375,10 @@ XkbResizeKeyType(XkbDescPtr xkb,
nResize = 0;
for (nTotal = 1, i = xkb->min_key_code; i <= xkb->max_key_code; i++) {
width = XkbKeyGroupsWidth(xkb, i);
if (width < type->num_levels)
if (width < type->num_levels || width >= new_num_lvls) {
nTotal += XkbKeyNumSyms(xkb,i);
continue;
}
for (match = 0, g = XkbKeyNumGroups(xkb, i) - 1;
(g >= 0) && (!match); g--) {
if (XkbKeyKeyTypeIndex(xkb, i, g) == type_ndx) {
......@@ -384,7 +386,7 @@ XkbResizeKeyType(XkbDescPtr xkb,
match = 1;
}
}
if ((!match) || (width >= new_num_lvls))
if (!match)
nTotal += XkbKeyNumSyms(xkb, i);
else {
nTotal += XkbKeyNumGroups(xkb, i) * new_num_lvls;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment