From 448398a3b97a77648e90cc993597bafb2ad95eac Mon Sep 17 00:00:00 2001 From: Valentin Date: Sun, 30 Aug 2020 15:35:16 +0200 Subject: [PATCH 1/2] Use fixed size integer type This type is meant to be 4 bytes large as seen in _XcursorReadUInt which always reads 4 bytes. An unsigned int is often 4 bytes large but this isnt' guaranteed so it is cleaner to use the exact type we want. --- include/X11/Xcursor/Xcursor.h.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/X11/Xcursor/Xcursor.h.in b/include/X11/Xcursor/Xcursor.h.in index 1a14386..36400bf 100644 --- a/include/X11/Xcursor/Xcursor.h.in +++ b/include/X11/Xcursor/Xcursor.h.in @@ -23,11 +23,12 @@ #ifndef _XCURSOR_H_ #define _XCURSOR_H_ #include +#include #include #include typedef int XcursorBool; -typedef unsigned int XcursorUInt; +typedef uint32_t XcursorUInt; typedef XcursorUInt XcursorDim; typedef XcursorUInt XcursorPixel; -- GitLab From 204b6f130858ef038832887ea10488e7aed711a6 Mon Sep 17 00:00:00 2001 From: Valentin Date: Sun, 30 Aug 2020 15:37:19 +0200 Subject: [PATCH 2/2] Fix undefined behavior Without the casts the bytes accesses get converted to int. but int is not guaranteed to be 4 bytes large. Even when it is 4 bytes large `bytes[3] << 24` does not fit because int is signed. --- src/file.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/file.c b/src/file.c index da16277..c074f71 100644 --- a/src/file.c +++ b/src/file.c @@ -161,11 +161,12 @@ _XcursorReadUInt (XcursorFile *file, XcursorUInt *u) return XcursorFalse; if ((*file->read) (file, bytes, 4) != 4) - return XcursorFalse; - *u = ((bytes[0] << 0) | - (bytes[1] << 8) | - (bytes[2] << 16) | - (bytes[3] << 24)); + return XcursorFalse; + + *u = ((XcursorUInt)(bytes[0]) << 0) | + ((XcursorUInt)(bytes[1]) << 8) | + ((XcursorUInt)(bytes[2]) << 16) | + ((XcursorUInt)(bytes[3]) << 24); return XcursorTrue; } -- GitLab