unvalidated index in _XkbReadGetNamesReply() in XKBNames.c
Hi, In the fifth patch commit for CVE-2013-1997 (5/15), there are some new checks for the _XkbTypedCalloc arguments in order to prevent out-of-bounds memory access.
similar situation to this file is occur in _XkbReadGetNamesReply() in XKBNames.c.
in Line 183, the _XkbTypedCalloc is called.
the first argument is xkb->max_key_code + 1
although there is a condition check before the function call that compares it with zero, but there is no check to see if the nKeys
is in the suitable range.
it can cause another security issue and it needs to ba patched.
Thank you for your attention