[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#931332: marked as done (xserver-xorg-core: X crash on keyboard remapping)

Your message dated Mon, 25 Nov 2019 14:14:35 +0100
with message-id <20191125131435.gmnvqzwwlkc7dsxp@function>
and subject line Re: Bug#931332: xserver-xorg-core: X crash on keyboard remapping
has caused the Debian Bug report #931332,
regarding xserver-xorg-core: X crash on keyboard remapping
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
931332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931332
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: xserver-xorg-core
Version: 2:1.20.4-1
Severity: important
Tags: patch a11y
Forwarded: https://gitlab.freedesktop.org/xorg/xserver/issues/574

Hello,

As reported on https://gitlab.freedesktop.org/xorg/xserver/issues/574
X crashes on XkbSetMap. Running the attached patch is enough to crash
the server.

This is notably a concern for people using Braille devices to type text,
because at-spi and xbrlapi use keyboard remapping to be able to simulate
all needed keysyms. Just typing e.g. 'ô' (⢹ in french Braille) is
enough to crash the server.

The attached patch was commited upstream to fix this, could you consider
including it in the next Buster point release?

Stretch does not seem to be affected.

Samuel

#include <X11/Xlib.h>
#include <X11/Intrinsic.h>
#include <X11/XKBlib.h>
#define XK_LATIN1
#include <X11/keysymdef.h>
#include <stdio.h>

int main(void) {
  Display *dpy;
  dpy = XOpenDisplay("");
  int keycode = 240;
  int keysym = XK_ecircumflex;

  XkbDescPtr desc;
  if (!(desc = XkbGetMap (dpy, XkbAllMapComponentsMask, XkbUseCoreKbd)))
    {
      fprintf (stderr, "ERROR getting map\n");
    }
  XFlush (dpy);
  XSync (dpy, False);
  if (desc && desc->map)
    {
      int offset = desc->map->key_sym_map[keycode].offset;
      desc->map->syms[offset] = keysym; 
    }
  else
    {
      fprintf (stderr, "Error changing key map: empty server structure\n");
    }		
  XkbSetMap (dpy, XkbAllMapComponentsMask, desc);
  /**
   *  FIXME: the use of XkbChangeMap, and the reuse of the priv->xkb_desc structure, 
   * would be far preferable.
   * HOWEVER it does not seem to work using XFree 4.3. 
   **/
  /*	    XkbChangeMap (dpy, priv->xkb_desc, priv->changes); */
  XFlush (dpy);
  XSync (dpy, False);
  XkbFreeKeyboard (desc, 0, TRUE);

  return TRUE;
}

commit 8469bfead9515ab3644f1769a1ff51466ba8ffee
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Mon Jul 1 02:31:02 2019 +0200

    Fix crash on XkbSetMap
    
    Some devices may not have keyboard information.
    
    Fixes #574

diff --git a/xkb/xkb.c b/xkb/xkb.c
index 764079506..9bd45a34a 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -2383,6 +2383,9 @@ _XkbSetMapChecks(ClientPtr client, DeviceIntPtr dev, xkbSetMapReq * req,
     XkbSymMapPtr map;
     int i;
 
+    if (!dev->key)
+        return 0;
+
     xkbi = dev->key->xkbInfo;
     xkb = xkbi->desc;
 
@@ -2495,6 +2498,9 @@ _XkbSetMap(ClientPtr client, DeviceIntPtr dev, xkbSetMapReq * req, char *values)
     XkbSrvInfoPtr xkbi;
     XkbDescPtr xkb;
 
+    if (!dev->key)
+        return Success;
+
     xkbi = dev->key->xkbInfo;
     xkb = xkbi->desc;
 
commit fabc4219622f3c0b41b1cb897c46e092377059e3
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Mon Jul 1 02:33:26 2019 +0200

    Fix crash on XkbSetMap
    
    Since group_info and width are used for the key actions allocations,
    when modifying them we need to take care of reallocation key actions if
    needed.

diff --git a/xkb/xkb.c b/xkb/xkb.c
index 9bd45a34a..3162574a4 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -2110,6 +2110,9 @@ SetKeySyms(ClientPtr client,
                 }
             }
         }
+        if (XkbKeyHasActions(xkb, i + req->firstKeySym))
+            XkbResizeKeyActions(xkb, i + req->firstKeySym,
+                                XkbNumGroups(wire->groupInfo) * wire->width);
         oldMap->kt_index[0] = wire->ktIndex[0];
         oldMap->kt_index[1] = wire->ktIndex[1];
         oldMap->kt_index[2] = wire->ktIndex[2];

--- End Message ---
--- Begin Message --- 
Version: 1.20.6-1

Hello,

Samuel Thibault, le mer. 30 oct. 2019 15:13:06 +0100, a ecrit:
> Just for the record: the patch is commited in master for 1.21, and in
> server-1.20-branch for 1.20.6.

This was now uploaded to unstable.

Would it be possible to consider including it in a
buster-proposed-update upload? (attached here again) In the meanwhile,
people using Braille devices to type text get crashes whenever they type
e.g. ô.

As a reminder as well, the crash reproducer.

Samuel

commit 8469bfead9515ab3644f1769a1ff51466ba8ffee
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Mon Jul 1 02:31:02 2019 +0200

    Fix crash on XkbSetMap
    
    Some devices may not have keyboard information.
    
    Fixes #574

diff --git a/xkb/xkb.c b/xkb/xkb.c
index 764079506..9bd45a34a 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -2383,6 +2383,9 @@ _XkbSetMapChecks(ClientPtr client, DeviceIntPtr dev, xkbSetMapReq * req,
     XkbSymMapPtr map;
     int i;
 
+    if (!dev->key)
+        return 0;
+
     xkbi = dev->key->xkbInfo;
     xkb = xkbi->desc;
 
@@ -2495,6 +2498,9 @@ _XkbSetMap(ClientPtr client, DeviceIntPtr dev, xkbSetMapReq * req, char *values)
     XkbSrvInfoPtr xkbi;
     XkbDescPtr xkb;
 
+    if (!dev->key)
+        return Success;
+
     xkbi = dev->key->xkbInfo;
     xkb = xkbi->desc;
 
commit fabc4219622f3c0b41b1cb897c46e092377059e3
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Mon Jul 1 02:33:26 2019 +0200

    Fix crash on XkbSetMap
    
    Since group_info and width are used for the key actions allocations,
    when modifying them we need to take care of reallocation key actions if
    needed.

diff --git a/xkb/xkb.c b/xkb/xkb.c
index 9bd45a34a..3162574a4 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -2110,6 +2110,9 @@ SetKeySyms(ClientPtr client,
                 }
             }
         }
+        if (XkbKeyHasActions(xkb, i + req->firstKeySym))
+            XkbResizeKeyActions(xkb, i + req->firstKeySym,
+                                XkbNumGroups(wire->groupInfo) * wire->width);
         oldMap->kt_index[0] = wire->ktIndex[0];
         oldMap->kt_index[1] = wire->ktIndex[1];
         oldMap->kt_index[2] = wire->ktIndex[2];

#include <X11/Xlib.h>
#include <X11/Intrinsic.h>
#include <X11/XKBlib.h>
#define XK_LATIN1
#include <X11/keysymdef.h>
#include <stdio.h>

int main(void) {
  Display *dpy;
  dpy = XOpenDisplay("");
  int keycode = 240;
  int keysym = XK_ecircumflex;

  XkbDescPtr desc;
  if (!(desc = XkbGetMap (dpy, XkbAllMapComponentsMask, XkbUseCoreKbd)))
    {
      fprintf (stderr, "ERROR getting map\n");
    }
  XFlush (dpy);
  XSync (dpy, False);
  if (desc && desc->map)
    {
      int offset = desc->map->key_sym_map[keycode].offset;
      desc->map->syms[offset] = keysym; 
    }
  else
    {
      fprintf (stderr, "Error changing key map: empty server structure\n");
    }		
  XkbSetMap (dpy, XkbAllMapComponentsMask, desc);
  /**
   *  FIXME: the use of XkbChangeMap, and the reuse of the priv->xkb_desc structure, 
   * would be far preferable.
   * HOWEVER it does not seem to work using XFree 4.3. 
   **/
  /*	    XkbChangeMap (dpy, priv->xkb_desc, priv->changes); */
  XFlush (dpy);
  XSync (dpy, False);
  XkbFreeKeyboard (desc, 0, TRUE);

  return TRUE;
}

--- End Message ---
Reply to: