Skip to content
Snippets Groups Projects
Commit 0e4ed949 authored by Olivier Fourdan's avatar Olivier Fourdan :tools:
Browse files

xkb: Fix buffer overflow in XkbChangeTypesOfKey() 


If XkbChangeTypesOfKey() is called with nGroups == 0, it will resize the
key syms to 0 but leave the key actions unchanged.

If later, the same function is called with a non-zero value for nGroups,
this will cause a buffer overflow because the key actions are of the wrong
size.

To avoid the issue, make sure to resize both the key syms and key actions
when nGroups is 0.

CVE-2025-26597, ZDI-CAN-25683

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: default avatarOlivier Fourdan <ofourdan@redhat.com>
Reviewed-by: default avatarPeter Hutterer <peter.hutterer@who-t.net>
Part-of: <!1828>
parent 80d69f01
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment