cursor: fix crash with weird input files (!138) · Merge requests · wayland / wayland

Tobias Stoeckmann requested to merge tstoeckmann/wayland:cursor-fpe into main May 14, 2021

If a cursor file contains multiple images for the same size, this typically indicates an animation. The compositor weston uses wl_cursor_frame_and_duration to figure out at which time a specific image should be shown.

The total delay is the sum of all image delays. But if all images have a delay of 0, the total delay is 0 as well. The code does not check for this special condition and triggers a floating point exception by eventually performing a modulo operation with 0.

This, of course, could also happen if the sum of all image delays triggers an unsigned int overflow. But since a comment in the code already indicates that it does not try to "fix" handling of weird files, I would argue that it's "okay" if that happens. At least the program won't crash.

Proof of Concept:

install -D ~/.icons/poc/cursors
base64 -d > ~/.icons/poc/cursors/left_ptr << EOF
WGN1chAAAAAAAAEAAgAAAAIA/f8BAAAAKAAAAAIA/f8BAAAAKAAAACQAAAACAP3/AQAAAAEAAAAB
AAAAAQAAAAEAAAABAAAAAAAAAAAAAAA=
EOF
cat > /tmp/weston.ini << EOF
[shell]
cursor-theme=poc
EOF
weston -c /tmp/weston.ini

Signed-off-by: Tobias Stoeckmann tobias@stoeckmann.org

Edited May 14, 2021 by Tobias Stoeckmann

Admin message

cursor: fix crash with weird input files

Merge request reports