--- Begin Message ---
- To: 673031-done@bugs.debian.org
- Subject: Re: Bug#673031: bad handling of overlong key name
- From: Julien Cristau <jcristau@debian.org>
- Date: Fri, 22 Apr 2022 11:11:59 +0200
- Message-id: <YmJxX/zACXr6E6OP@jcristau-z4>
- In-reply-to: <20120515144432.GI11209@lake.fysh.org>
- References: <20120515144432.GI11209@lake.fysh.org>
On Tue, May 15, 2012 at 03:44:32PM +0100, Zefram wrote:
> XKB key names are limited to four octets. Initially I didn't know that,
> and tried to use longer names, like this:
>
> $ cat t0.xkb
> xkb_keymap {
>     xkb_keycodes "test_keycodes" {
>         minimum = 8;
>         maximum = 255;
>         <FOOBAR> = 10;
>     };
>     xkb_types "complete" { include "complete" };
>     xkb_compatibility "complete" { include "complete" };
>     xkb_symbols "us" { include "us" };
>     xkb_geometry "kinesis" { include "kinesis" };
> };
> $ xkbcomp t0.xkb t0.xkm
> syntax error: line 5 of t0.xkb
> last scanned symbol is: FOOBARm
> Errors encountered in t0.xkb; not compiled.
>
> There's obviously a nul-termination problem in that error message.
> Possibly overrunning a fixed-size buffer too?
>
This was fixed many years ago:

commit cdcd552041fc1325a2a81e3374fadb0dd15950dc
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date: Thu Jul 11 13:26:18 2013 +1000

    Always terminate the scanBuf string (#66345)

    If a key name exceeds 4 characters, the content of scanBuf is not
    null-terminated, giving error messages like

    syntax error: line 7 of test.xkb
    last scanned symbol is: FOOBARm
    Errors encountered in test.xkb; not compiled.

    (last character of the preceding 'maximum' statement in this case)

    X.Org Bug 66345 <http://bugs.freedesktop.org/show_bug.cgi?id=66345>

    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

commit 24d18e0a844041ef82441adb16aa18cc4b4814ae
Author: Benno Schulenberg <bensberg@justemail.net>
Date: Wed Aug 28 20:03:30 2013 +0200

    Making sure that a copied string is always null-terminated (#66345).

    A more minimalistic and formally correct solution.
    This amends and extends the previous fix for bug #66345,
    fixing not just yyGetKeyName() but also yyGetString().

    Signed-off-by: Benno Schulenberg <bensberg@justemail.net>

    Fixes a typo from cdcd552 (should be sizeof - 1, not sizeof -i).
    Code flows that i is at most sizeof(scanBuf) - 1, so last is not needed.

    Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

Closing this report.
Cheers,
Julien
--- End Message ---
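
The failure mode discussed in the message above, reduced to a stand-alone C sketch. This is an added example, not xkbcomp's source or the code from either commit; the function names, the 32-byte buffer and the sample inputs are assumptions made for illustration. It shows why a reused scan buffer that is terminated only on the success path prints a stale byte after an over-long key name, and the corrected form that bounds the index by `sizeof - 1` and always writes the terminator.

```c
#include <stdio.h>
#include <string.h>

#define KEYNAME_MAX 4          /* XKB key names are limited to four octets */

static char scan_buf[32];      /* hypothetical scratch buffer, reused between tokens */

/* Before: the terminator is written only when the name is accepted, so the
 * error path leaves the previous token's bytes after the copied characters. */
static int get_key_name_unterminated(const char *in)
{
    size_t i = 0;
    if (*in++ != '<') return -1;
    while (*in && *in != '>' && i < sizeof(scan_buf) - 1)
        scan_buf[i++] = *in++;
    if (*in != '>' || i > KEYNAME_MAX)
        return -1;             /* rejected, buffer left unterminated at i */
    scan_buf[i] = '\0';
    return 0;
}

/* After: i never exceeds sizeof(scan_buf) - 1, and the terminator is
 * written on every path before the length check decides the result. */
static int get_key_name_terminated(const char *in)
{
    size_t i = 0;
    if (*in++ != '<') return -1;
    while (*in && *in != '>' && i < sizeof(scan_buf) - 1)
        scan_buf[i++] = *in++;
    scan_buf[i] = '\0';
    return (*in == '>' && i <= KEYNAME_MAX) ? 0 : -1;
}

/* Constructed scenario: "maximum" was the previous token in the buffer,
 * then the over-long key name is scanned. Returns what an error message
 * quoting the "last scanned symbol" would print. */
static const char *last_symbol_after(int (*scan)(const char *))
{
    strcpy(scan_buf, "maximum");
    scan("<FOOBAR>");
    return scan_buf;
}

int main(void)
{
    printf("before: %s\n", last_symbol_after(get_key_name_unterminated));
    printf("after:  %s\n", last_symbol_after(get_key_name_terminated));
    return 0;
}
```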