- 30 Aug, 2020 2 commits
-
-
Valentin authored
Without the casts the bytes accesses get converted to int. but int is not guaranteed to be 4 bytes large. Even when it is 4 bytes large `bytes[3] << 24` does not fit because int is signed.
-
Valentin authored
This type is meant to be 4 bytes large as seen in _XcursorReadUInt which always reads 4 bytes. An unsigned int is often 4 bytes large but this isnt' guaranteed so it is cleaner to use the exact type we want.
-
- 11 Mar, 2019 1 commit
-
-
Alan Coopersmith authored
Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 08 Dec, 2018 1 commit
-
-
Alan Coopersmith authored
Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 20 Nov, 2018 1 commit
-
-
Alan Coopersmith authored
Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 10 Nov, 2018 1 commit
-
-
Cosimo Cecchi authored
Nowadays ~/.icons is not used anymore as the preferred location for custom user icon themes; XDG_DATA_HOME/icons (aka ~/.local/share/icons) is what toolkits like GTK prefer. Prepend that location to the default xcursor path, so that cursor themes installed there can be used by apps and toolkits that use libXcursor.
-
- 24 Mar, 2018 1 commit
-
-
Philipp Ludwig authored
https://bugs.freedesktop.org/show_bug.cgi?id=3603Signed-off-by:
Philipp Ludwig <git-devel@philippludwig.net> Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 25 Nov, 2017 2 commits
-
-
Matthieu Herrb authored
Signed-off-by:
Matthieu Herrb <matthieu@herrb.eu>
-
Tobias Stoeckmann authored
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes 4 bytes. Properly chosen values allow an overflow which in turn will lead to less allocated memory than needed for subsequent reads. The signedness bug is triggered by reading the length of a comment as unsigned int, but casting it to int when calling the function XcursorCommentCreate. Turning length into a negative value allows the check against XCURSOR_COMMENT_MAX_LEN to pass, and the following addition of sizeof (XcursorComment) + 1 makes it possible to allocate less memory than needed for subsequent reads. Signed-off-by:
Tobias Stoeckmann <tobias@stoeckmann.org> Reviewed-by:
Matthieu Herrb <matthieu@herrb.eu>
-
- 26 Jan, 2017 3 commits
-
-
Mihail Konev authored
Signed-off-by:
Mihail Konev <k.mvc@ya.ru>
-
Emil Velikov authored
Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent fall-outs, when they contain space. Signed-off-by:
Emil Velikov <emil.l.velikov@gmail.com> Reviewed-by:
Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by:
Peter Hutterer <peter.hutterer@who-t.net>
-
Peter Hutterer authored
Syncs the invocation of configure with the one from the server. Signed-off-by:
Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by:
Emil Velikov <emil.velikov@collabora.com>
-
- 05 Jun, 2015 1 commit
-
-
shubham shrivastav authored
Fix does one byte of memory allocation for null termination of string. https://bugs.freedesktop.org/show_bug.cgi?id=90857Reviewed-by:
Keith Packard <keithp@keithp.com> Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 18 Oct, 2014 2 commits
-
-
Alan Coopersmith authored
Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
Alan Coopersmith authored
Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 05 Jun, 2014 2 commits
-
-
Alan Coopersmith authored
See http://people.gnome.org/~walters/docs/build-api.txtSigned-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
Alan Coopersmith authored
Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 30 May, 2013 1 commit
-
-
Alan Coopersmith authored
Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 27 Apr, 2013 1 commit
-
-
Alan Coopersmith authored
When parsing cursor files, a user defined (e.g. through environment variables) cursor file is opened and parsed. The header is read in _XcursorReadFileHeader(), which reads an unsigned int for the number of toc structures in the header, but it was being passed to _XcursorFileHeaderCreate() as a signed int to allocate those structures. If the number was negative, it would pass the bounds check and could overflow the calculation for how much memory to allocate to store the data being read, leading to overflowing the buffer with the data read from the user controlled file. Reported-by:
Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 16 Jan, 2013 1 commit
-
-
Alan Coopersmith authored
Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html - Support for the long-deprecated INCLUDES variable will be removed altogether in Automake 1.14. The AM_CPPFLAGS variable should be used instead. This variable was deprecated in Automake releases prior to 1.10, which is the current minimum level required to build X. Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 08 Mar, 2012 1 commit
-
-
Alan Coopersmith authored
Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 01 Dec, 2011 2 commits
-
-
Alan Coopersmith authored
Error: Null pointer dereference (CWE 476) Read from null pointer 'info' at line 615 of src/cursor.c in function 'XcursorImageLoadCursor'. Function '_XcursorGetDisplayInfo' may return constant 'NULL' at line 134, called at line 597. Null pointer introduced at line 134 of src/display.c in function '_XcursorGetDisplayInfo'. [ This bug was found by the Parfait 0.3.7 bug checking tool. For more information see http://labs.oracle.com/projects/parfait/ ] Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by:
Jeremy Huddleston <jeremyhu@apple.com>
-
Alan Coopersmith authored
Error: Memory leak (CWE 401) Memory leak of pointer 'comments' allocated with XcursorCommentsCreate(0) at line 982 of src/file.c in function 'XcursorFileSaveImages'. 'comments' allocated at line 978 with XcursorCommentsCreate(0). comments leaks when comments != 0 at line 981. [ This bug was found by the Parfait 0.3.7 bug checking tool. For more information see http://labs.oracle.com/projects/parfait/ ] Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by:
Jeremy Huddleston <jeremyhu@apple.com>
-
- 25 Sep, 2011 2 commits
-
-
Jon Turney authored
Signed-off-by:
Jon TURNEY <jon.turney@dronecode.org.uk> Reviewed-by:
Gaetan Nadon <memsize@videotron.ca> Tested-by:
Gaetan Nadon <memsize@videotron.ca> Reviewed-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
Jon Turney authored
Signed-off-by:
Jon TURNEY <jon.turney@dronecode.org.uk> Reviewed-by:
Gaetan Nadon <memsize@videotron.ca> Tested-by:
Gaetan Nadon <memsize@videotron.ca> Reviewed-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 20 Sep, 2011 1 commit
-
-
Alan Coopersmith authored
Based on similar commit dac73a519816 to libXft Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by:
Gaetan Nadon <memsize@videotron.ca>
-
- 17 Sep, 2011 1 commit
-
-
Alan Coopersmith authored
Performed with: find * -type f | xargs perl -i -p -e 's{\s+$}{\n}' git diff -w & git diff -b show no diffs from this change Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 30 Jun, 2011 1 commit
-
-
Alan Coopersmith authored
Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 22 May, 2011 1 commit
-
-
Alan Coopersmith authored
Clears Sun compiler warnings from shifting 8 bits by 24 bits: "cursor.c", line 215: warning: integer overflow detected: op "<<" "cursor.c", line 280: warning: integer overflow detected: op "<<" Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 07 May, 2011 1 commit
-
-
Jeremy Huddleston Sequoia authored
Previously it would either div-zero or get stuck in a loop until int overflow if called with a bad value. cursor.c:214:32: warning: Division by zero return (0xff << 24) | ((red/npixels) << 16) | ((green/npixels) << 8) | (blue/npixels); Found-by: clang static analyzer Signed-off-by:
Jeremy Huddleston <jeremyhu@apple.com>
-
- 01 Apr, 2011 3 commits
-
-
Chris Wilson authored
References: https://bugs.freedesktop.org/show_bug.cgi?id=2731Signed-off-by:
Chris Wilson <chris@chris-wilson.co.uk>
-
Chris Wilson authored
Signed-off-by:
Chris Wilson <chris@chris-wilson.co.uk>
-
Chris Wilson authored
We freed the parent structure without freeing the list contained within, making valgrind unhappy. Signed-off-by:
Chris Wilson <chris@chris-wilson.co.uk>
-
- 02 Feb, 2011 2 commits
-
-
Gaetan Nadon authored
We can skip the extra step of using XCURSORPATH_LIST in configure.ac. Signed-off-by:
Gaetan Nadon <memsize@videotron.ca>
-
Gaetan Nadon authored
Group statements per section as per Autoconf standard layout Quote statements where appropriate. Autoconf recommends not using dnl instead of # for comments Use AC_CONFIG_FILES to replace the deprecated AC_OUTPUT with parameters. This helps automated maintenance and release activities. Details can be found in http://wiki.x.org/wiki/NewModuleGuidelinesSigned-off-by:
Gaetan Nadon <memsize@videotron.ca>
-
- 29 Jan, 2011 1 commit
-
-
Gaetan Nadon authored
Signed-off-by:
Gaetan Nadon <memsize@videotron.ca>
-
- 28 Jan, 2011 1 commit
-
-
Gaetan Nadon authored
This silences an Automake warning. Signed-off-by:
Gaetan Nadon <memsize@videotron.ca>
-
- 27 Jan, 2011 1 commit
-
-
Gaetan Nadon authored
XORG_STRICT_OPTION from XORG_DEFAULT_OPTIONS calls AC_PROG_C_C99. This sets gcc with -std=gnu99. If AC_PROG_CC macro is called afterwards, it resets CC to gcc. Signed-off-by:
Gaetan Nadon <memsize@videotron.ca>
-
- 28 Oct, 2010 1 commit
-
-
Alan Coopersmith authored
Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
-
- 16 Aug, 2010 1 commit
-
-
Gaetan Nadon authored
Signed-off-by:
Gaetan Nadon <memsize@videotron.ca>
-