1. 30 Aug, 2020 2 commits
    • Valentin's avatar
      Fix undefined behavior · 204b6f13
      Valentin authored
      Without the casts the bytes accesses get converted to int. but int is
      not guaranteed to be 4 bytes large. Even when it is 4 bytes large
      `bytes[3] << 24` does not fit because int is signed.
      204b6f13
    • Valentin's avatar
      Use fixed size integer type · 448398a3
      Valentin authored
      This type is meant to be 4 bytes large as seen in _XcursorReadUInt which
      always reads 4 bytes. An unsigned int is often 4 bytes large but this
      isnt' guaranteed so it is cleaner to use the exact type we want.
      448398a3
  2. 11 Mar, 2019 1 commit
  3. 08 Dec, 2018 1 commit
  4. 20 Nov, 2018 1 commit
  5. 10 Nov, 2018 1 commit
    • Cosimo Cecchi's avatar
      Support XDG user data dir location · 2263c196
      Cosimo Cecchi authored
      Nowadays ~/.icons is not used anymore as the preferred location for
      custom user icon themes; XDG_DATA_HOME/icons (aka ~/.local/share/icons)
      is what toolkits like GTK prefer.
      
      Prepend that location to the default xcursor path, so that cursor
      themes installed there can be used by apps and toolkits that use
      libXcursor.
      2263c196
  6. 24 Mar, 2018 1 commit
  7. 25 Nov, 2017 2 commits
    • Matthieu Herrb's avatar
      libXcursor 1.1.15 · 4828abe4
      Matthieu Herrb authored
      Signed-off-by: Matthieu Herrb's avatarMatthieu Herrb <matthieu@herrb.eu>
      4828abe4
    • Tobias Stoeckmann's avatar
      Fix heap overflows when parsing malicious files. (CVE-2017-16612) · 4794b5dd
      Tobias Stoeckmann authored
      It is possible to trigger heap overflows due to an integer overflow
      while parsing images and a signedness issue while parsing comments.
      
      The integer overflow occurs because the chosen limit 0x10000 for
      dimensions is too large for 32 bit systems, because each pixel takes
      4 bytes. Properly chosen values allow an overflow which in turn will
      lead to less allocated memory than needed for subsequent reads.
      
      The signedness bug is triggered by reading the length of a comment
      as unsigned int, but casting it to int when calling the function
      XcursorCommentCreate. Turning length into a negative value allows the
      check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
      addition of sizeof (XcursorComment) + 1 makes it possible to allocate
      less memory than needed for subsequent reads.
      Signed-off-by: Tobias Stoeckmann's avatarTobias Stoeckmann <tobias@stoeckmann.org>
      Reviewed-by: Matthieu Herrb's avatarMatthieu Herrb <matthieu@herrb.eu>
      4794b5dd
  8. 26 Jan, 2017 3 commits
  9. 05 Jun, 2015 1 commit
  10. 18 Oct, 2014 2 commits
  11. 05 Jun, 2014 2 commits
  12. 30 May, 2013 1 commit
  13. 27 Apr, 2013 1 commit
  14. 16 Jan, 2013 1 commit
  15. 08 Mar, 2012 1 commit
  16. 01 Dec, 2011 2 commits
  17. 25 Sep, 2011 2 commits
  18. 20 Sep, 2011 1 commit
  19. 17 Sep, 2011 1 commit
  20. 30 Jun, 2011 1 commit
  21. 22 May, 2011 1 commit
  22. 07 May, 2011 1 commit
  23. 01 Apr, 2011 3 commits
  24. 02 Feb, 2011 2 commits
  25. 29 Jan, 2011 1 commit
  26. 28 Jan, 2011 1 commit
  27. 27 Jan, 2011 1 commit
  28. 28 Oct, 2010 1 commit
  29. 16 Aug, 2010 1 commit