
Bug#673031: marked as done (bad handling of overlong key name)



Your message dated Fri, 22 Apr 2022 11:11:59 +0200
with message-id <YmJxX/zACXr6E6OP@jcristau-z4>
and subject line Re: Bug#673031: bad handling of overlong key name
has caused the Debian Bug report #673031,
regarding bad handling of overlong key name
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
673031: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673031
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: x11-xkb-utils
Version: 7.5+5
Severity: minor

XKB key names are limited to four octets.  Initially I didn't know that,
and tried to use longer names, like this:

$ cat t0.xkb
xkb_keymap {
xkb_keycodes "test_keycodes" {
        minimum = 8;
        maximum = 255;
        <FOOBAR> = 10;
};
xkb_types "complete" { include "complete" };
xkb_compatibility "complete" { include "complete" };
xkb_symbols "us" { include "us" };
xkb_geometry "kinesis" { include "kinesis" };
};
$ xkbcomp t0.xkb t0.xkm
syntax error: line 5 of t0.xkb
last scanned symbol is: FOOBARm
Errors encountered in t0.xkb; not compiled.

There's obviously a nul-termination problem in that error message.
Possibly overrunning a fixed-size buffer too?

-zefram



--- End Message ---
--- Begin Message ---
On Tue, May 15, 2012 at 03:44:32PM +0100, Zefram wrote:
> XKB key names are limited to four octets.  Initially I didn't know that,
> and tried to use longer names, like this:
> 
> $ cat t0.xkb
> xkb_keymap {
> xkb_keycodes "test_keycodes" {
>         minimum = 8;
>         maximum = 255;
>         <FOOBAR> = 10;
> };
> xkb_types "complete" { include "complete" };
> xkb_compatibility "complete" { include "complete" };
> xkb_symbols "us" { include "us" };
> xkb_geometry "kinesis" { include "kinesis" };
> };
> $ xkbcomp t0.xkb t0.xkm
> syntax error: line 5 of t0.xkb
> last scanned symbol is: FOOBARm
> Errors encountered in t0.xkb; not compiled.
> 
> There's obviously a nul-termination problem in that error message.
> Possibly overrunning a fixed-size buffer too?
> 
This was fixed many years ago:

commit cdcd552041fc1325a2a81e3374fadb0dd15950dc
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date:   Thu Jul 11 13:26:18 2013 +1000

    Always terminate the scanBuf string (#66345)
    
    If a key name exceeds 4 characters, the content of scanBuf is not
    null-terminated, giving error messages like
    
    syntax error: line 7 of test.xkb
    last scanned symbol is: FOOBARm
    Errors encountered in test.xkb; not compiled.
    
    (last character of the preceding 'maximum' statement in this case)
    
    X.Org Bug 66345 <http://bugs.freedesktop.org/show_bug.cgi?id=66345>
    
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

commit 24d18e0a844041ef82441adb16aa18cc4b4814ae
Author: Benno Schulenberg <bensberg@justemail.net>
Date:   Wed Aug 28 20:03:30 2013 +0200

    Making sure that a copied string is always null-terminated (#66345).
    
    A more minimalistic and formally correct solution.
    This amends and extends the previous fix for bug #66345,
    fixing not just yyGetKeyName() but also yyGetString().
    
    Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
    
    Fixes a typo from cdcd552 (should be sizeof - 1, not sizeof -i).
    Code flows that i is at most sizeof(scanBuf) - 1, so last is not needed.
    
    Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>


Closing this report.

Cheers,
Julien

--- End Message ---
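
A simplified model of the failure the two commits above address, as an added example that is not xkbcomp's source. The names `scan_buf`, `scan_ident`, `scan_keyname` and `terminate_always` are hypothetical, and the replay covers only the `maximum` and `<FOOBAR>` tokens from the report.

```c
#include <stdio.h>
#include <string.h>

#define KEYNAME_MAX 4            /* XKB key names hold at most four octets */
static char scan_buf[64];        /* hypothetical token buffer, reused between tokens */

/* Scan a plain identifier such as "maximum"; always terminated. */
static void scan_ident(const char *src)
{
    snprintf(scan_buf, sizeof(scan_buf), "%s", src);
}

/* Scan "<NAME>". Returns 1 for a valid key name, 0 for an error token.
 * With terminate_always == 0 the terminator is written only on the success
 * path, so an overlong name leaves the previous token's tail in the buffer. */
static int scan_keyname(const char *src, int terminate_always)
{
    size_t i = 0;
    const char *p = src + 1;                 /* skip '<' */
    while (*p != '\0' && *p != '>') {
        if (i < sizeof(scan_buf) - 1)        /* bounded copy: no overrun */
            scan_buf[i++] = *p;
        p++;
    }
    if (terminate_always)
        scan_buf[i] = '\0';                  /* terminate on every path */
    if (*p == '>' && i <= KEYNAME_MAX) {
        scan_buf[i] = '\0';
        return 1;
    }
    return 0;                                /* caller reports scan_buf in its error */
}

/* Replay the report's input and return what the error message would print. */
static const char *last_symbol_after_overlong(int terminate_always)
{
    scan_ident("maximum");
    (void)scan_keyname("<FOOBAR>", terminate_always);
    return scan_buf;
}

int main(void)
{
    printf("unterminated: %s\n", last_symbol_after_overlong(0));
    printf("terminated:   %s\n", last_symbol_after_overlong(1));
    return 0;
}
```

In this model the copy is bounded, so the visible defect is stale data reaching the error message rather than a write past the buffer.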
