xkb: Undefined behavior due to left shift overflow in _XkbReadGetIndicatorMapReply

Description

While testing Xfce and its dependencies with UndefinedBehaviorSanitizer, I triggered the following warning:

XKBleds.c:86:27: runtime error: left shift of 1073741824 by 1 places cannot be represented in type 'int'
    #0 0x7d0a9e6fcf5d in _XkbReadGetIndicatorMapReply libx11/src/xkb/XKBleds.c:86
    #1 0x7d0a9e6fd4a0 in XkbGetIndicatorMap libx11/src/xkb/XKBleds.c:148
    #2 0x7d0aa34efbe8  (/usr/lib/libxklavier.so.16+0x8be8)
    #3 0x7d0aa34eff87  (/usr/lib/libxklavier.so.16+0x8f87)
    #4 0x7d0aa34f6f37  (/usr/lib/libxklavier.so.16+0xff37)
    #5 0x7d0a9fd8142c in g_object_new_with_custom_constructor gobject/gobject.c:2524
    #6 0x7d0a9fd81f59 in g_object_new_internal gobject/gobject.c:2604
    #7 0x7d0a9fd879cb in g_object_new_valist gobject/gobject.c:2945
    #8 0x7d0a9fd8911b in g_object_new gobject/gobject.c:2418
    #9 0x7d0aa34f18e5 in xkl_engine_get_instance (/usr/lib/libxklavier.so.16+0xa8e5)
    #10 0x62b4eb9d9151 in xfce_keyboard_layout_helper_init xfce4-settings/xfsettingsd/keyboard-layout.c:119
[...snip...]

The overflow stems from this loop:

82        register int i, bit;
83
84        left = (int) rep->which;
85        for (i = 0, bit = 1; (i < XkbNumIndicators) && (left);
86             i++, bit <<= 1) {

Version info

8703ecf1 compiled on Arch Linux

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

xkb: Undefined behavior due to left shift overflow in _XkbReadGetIndicatorMapReply

Description

Version info