Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package xwayland for openSUSE:Factory 
checked in at 2025-06-18 19:30:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xwayland (Old)
 and      /work/SRC/openSUSE:Factory/.xwayland.new.19631 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "xwayland"

Wed Jun 18 19:30:31 2025 rev:42 rq:1286473 version:24.1.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/xwayland/xwayland.changes        2025-02-27 
14:52:57.089527783 +0100
+++ /work/SRC/openSUSE:Factory/.xwayland.new.19631/xwayland.changes     
2025-06-18 19:30:42.087436444 +0200
@@ -1,0 +2,40 @@
+Tue Jun 17 20:01:39 UTC 2025 - Bjørn Lie <bjorn....@gmail.com>
+
+- Update to version 24.1.7:
+  * This release contains the fixes for the issues reported in
+    today's security advisory:
+    https://lists.x.org/archives/xorg/2025-June/062055.html
+    CVE-2025-49175, CVE-2025-49176, CVE-2025-49177, CVE-2025-49178,
+    CVE-2025-49179, CVE-2025-49180.
+  * Additionally, this release includes several other various fixes.
+  * Drop patches fixed upstream:
+    - U_CVE-2025-49175-render-Avoid-0-or-less-animated-cursors.patch
+    - 
U_CVE-2025-49176-os-Do-not-overflow-the-integer-size-with-BigRequest.patch
+    - 
U_CVE-2025-49177-xfixes-Check-request-length-for-SetClientDisconnectM.patch
+    - 
U_CVE-2025-49178-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch
+    - 
U_CVE-2025-49179-record-Check-for-overflow-in-RecordSanityCheckRegist.patch
+    - 
U_CVE-2025-49180-randr-Check-for-overflow-in-RRChangeProviderProperty.patch
+
+-------------------------------------------------------------------
+Thu Jun  5 12:55:30 UTC 2025 - Stefan Dirsch <sndir...@suse.com>
+
+- U_CVE-2025-49175-render-Avoid-0-or-less-animated-cursors.patch
+  * Out-of-bounds access in X Rendering extension (Animated cursors)
+    (CVE-2025-49175, bsc#1244082)
+- U_CVE-2025-49176-os-Do-not-overflow-the-integer-size-with-BigRequest.patch
+  * Integer overflow in Big Requests Extension
+    (CVE-2025-49176, bsc#1244084)
+- U_CVE-2025-49177-xfixes-Check-request-length-for-SetClientDisconnectM.patch
+  * Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode)
+    (CVE-2025-49177, bsc#1244085)
+- U_CVE-2025-49178-os-Account-for-bytes-to-ignore-when-sharing-input-bu.patch
+  * Unprocessed client request via bytes to ignore 
+    (CVE-2025-49178, bsc#1244087)
+- U_CVE-2025-49179-record-Check-for-overflow-in-RecordSanityCheckRegist.patch
+  * Integer overflow in X Record extension
+    (CVE-2025-49179, bsc#1244089)
+- U_CVE-2025-49180-randr-Check-for-overflow-in-RRChangeProviderProperty.patch
+  * Integer overflow in RandR extension (RRChangeProviderProperty)
+    (CVE-2025-49180, bsc#1244090)
+
+-------------------------------------------------------------------

Old:
----
  xwayland-24.1.6.tar.xz
  xwayland-24.1.6.tar.xz.sig

New:
----
  xwayland-24.1.7.tar.xz
  xwayland-24.1.7.tar.xz.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xwayland.spec ++++++
--- /var/tmp/diff_new_pack.HO6HGW/_old  2025-06-18 19:30:42.799465171 +0200
+++ /var/tmp/diff_new_pack.HO6HGW/_new  2025-06-18 19:30:42.803465331 +0200
@@ -22,7 +22,7 @@
 %endif
 
 Name:           xwayland
-Version:        24.1.6
+Version:        24.1.7
 Release:        0
 URL:            http://xorg.freedesktop.org
 Summary:        Xwayland Xserver
@@ -31,6 +31,7 @@
 Source0:        %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz
 Source1:        %{url}/archive/individual/xserver/%{name}-%{version}.tar.xz.sig
 Source2:        xwayland.keyring
+
 BuildRequires:  meson
 BuildRequires:  ninja
 BuildRequires:  pkgconfig

++++++ xwayland-24.1.6.tar.xz -> xwayland-24.1.7.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/Xi/xigrabdev.c 
new/xwayland-24.1.7/Xi/xigrabdev.c
--- old/xwayland-24.1.6/Xi/xigrabdev.c  2025-02-25 19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/Xi/xigrabdev.c  2025-06-17 15:08:26.000000000 +0200
@@ -82,6 +82,9 @@
     if (ret != Success)
         return ret;
 
+    if (!dev->enabled)
+        return AlreadyGrabbed;
+
     if (!IsMaster(dev))
         stuff->paired_device_mode = GrabModeAsync;
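Review bot: The added `return AlreadyGrabbed;` passes a grab-status constant back through the handler's return value, which the line just above (`if (ret != Success) return ret;`) uses for protocol error codes. `AlreadyGrabbed` is 1 in X.h, the same number as `BadRequest`, so the client would presumably receive a BadRequest error rather than a grab reply whose status is AlreadyGrabbed. If that is intended, a comment such as `/* disabled devices cannot be grabbed; this reaches the client as error code 1, not as a reply status */` would keep a later reader from assuming a reply is sent; otherwise the status belongs in the reply. The handler starts and ends outside this hunk, so the reply path is not visible here.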
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/dix/dispatch.c 
new/xwayland-24.1.7/dix/dispatch.c
--- old/xwayland-24.1.6/dix/dispatch.c  2025-02-25 19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/dix/dispatch.c  2025-06-17 15:08:26.000000000 +0200
@@ -517,9 +517,10 @@
 
                 /* now, finally, deal with client requests */
                 result = ReadRequestFromClient(client);
-                if (result <= 0) {
-                    if (result < 0)
-                        CloseDownClient(client);
+                if (result == 0)
+                    break;
+                else if (result == -1) {
+                    CloseDownClient(client);
                     break;
                 }
 
@@ -540,7 +541,7 @@
                                           client->index,
                                           client->requestBuffer);
 #endif
-                if (result > (maxBigRequestSize << 2))
+                if (result < 0 || result > (maxBigRequestSize << 2))
                     result = BadLength;
                 else {
                     result = XaceHookDispatch(client, client->majorOp);
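Review bot: The two dispatch.c hunks depend on an undocumented return contract for `ReadRequestFromClient`: 0 means no complete request, exactly -1 means close the client, and any other negative value falls through to the `result < 0` test here and becomes `BadLength`. Nothing in either hunk states this, and the statements between the two hunks now execute with a negative `result`. A comment above the first test, for example `/* 0: nothing to dispatch yet; -1: fatal, drop the client; other negative values: -(X error), reported below */`, would make the coupling with the `-(BadLength)` return added in os/io.c explicit. Giving the -1 case a named constant would also keep a future negated error code from colliding with it. The enclosing loop lies outside both hunks.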
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/dix/enterleave.c 
new/xwayland-24.1.7/dix/enterleave.c
--- old/xwayland-24.1.6/dix/enterleave.c        2025-02-25 19:38:11.000000000 
+0100
+++ new/xwayland-24.1.7/dix/enterleave.c        2025-06-17 15:08:26.000000000 
+0200
@@ -731,7 +731,7 @@
         evcount += ((nval - 3) + 6)/6;
     }
 
-    BUG_RETURN(evcount <= ARRAY_SIZE(sev));
+    BUG_RETURN(evcount > ARRAY_SIZE(sev));
 
     FixDeviceStateNotify(dev, ev, k, b, v, first);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/dix/events.c 
new/xwayland-24.1.7/dix/events.c
--- old/xwayland-24.1.6/dix/events.c    2025-02-25 19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/dix/events.c    2025-06-17 15:08:26.000000000 +0200
@@ -1487,6 +1487,30 @@
 }
 
 /**
+ * Return the current master keyboard or, if we're temporarily detached, the 
one
+ * we've been attached to previously.
+ */
+static DeviceIntPtr
+CurrentOrOldMasterKeyboard(DeviceIntPtr dev)
+{
+    DeviceIntPtr kbd = GetMaster(dev, MASTER_KEYBOARD);
+
+    if (kbd)
+        return kbd;
+
+    if (dev->saved_master_id) {
+        dixLookupDevice(&kbd, dev->saved_master_id, serverClient, 
DixUseAccess);
+        if (!kbd)
+            return NULL;
+        /* if dev is a pointer the saved master is a master pointer,
+         * we want the keybard */
+        return GetMaster(kbd, MASTER_KEYBOARD);
+    }
+
+    return NULL;
+}
+
+/**
  * Update touch records when an explicit grab is activated. Any touches owned 
by
  * the grabbing client are updated so the listener state reflects the new grab.
  */
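Review bot: `CurrentOrOldMasterKeyboard` discards the return value of `dixLookupDevice` and tests `kbd` instead, which is only correct because `kbd` is NULL on entry to that branch and only as long as the lookup leaves it NULL on failure. Checking the status directly is clearer: `if (dixLookupDevice(&kbd, dev->saved_master_id, serverClient, DixUseAccess) != Success) return NULL;`. The doc comment should also state that the function may return NULL (no current master and no usable saved one), since both callers rely on that, and the inline comment has a typo (`keybard`).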
@@ -1713,6 +1737,10 @@
     GrabInfoPtr grabinfo = &keybd->deviceGrab;
     GrabPtr oldgrab = grabinfo->grab;
     WindowPtr oldWin;
+    DeviceIntPtr master_keyboard = CurrentOrOldMasterKeyboard(keybd);
+
+    if (!master_keyboard)
+        master_keyboard = inputInfo.keyboard;
 
     /* slave devices need to float for the duration of the grab. */
     if (grab->grabtype == XI2 && keybd->enabled &&
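Review bot: The fallback `if (!master_keyboard) master_keyboard = inputInfo.keyboard;` is repeated verbatim here and in the hunk at -1759, and neither copy says why the core keyboard is the right focus source when the device has no current or saved master. Either fold the fallback into the helper or add a comment at both sites, e.g. `/* no current or saved master: fall back to the core keyboard's focus */`. `master_keyboard->focus` is then dereferenced without a check in the hunks at -1728 and -1779; that is safe only if every master keyboard carries a focus class, which these hunks do not show. Both functions start and end outside the hunks.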
@@ -1728,7 +1756,7 @@
     else
         oldWin = keybd->spriteInfo->sprite->win;
     if (oldWin == FollowKeyboardWin)
-        oldWin = keybd->focus->win;
+        oldWin = master_keyboard->focus->win;
     if (keybd->valuator)
         keybd->valuator->motionHintWindow = NullWindow;
     if (oldWin &&
@@ -1759,6 +1787,10 @@
     WindowPtr focusWin;
     Bool wasImplicit = (keybd->deviceGrab.fromPassiveGrab &&
                         keybd->deviceGrab.implicitGrab);
+    DeviceIntPtr master_keyboard = CurrentOrOldMasterKeyboard(keybd);
+
+    if (!master_keyboard)
+        master_keyboard = inputInfo.keyboard;
 
     if (keybd->valuator)
         keybd->valuator->motionHintWindow = NullWindow;
@@ -1779,7 +1811,7 @@
         focusWin = NullWindow;
 
     if (focusWin == FollowKeyboardWin)
-        focusWin = inputInfo.keyboard->focus->win;
+        focusWin = master_keyboard->focus->win;
 
     DoFocusEvents(keybd, grab->window, focusWin, NotifyUngrab);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/hw/xwayland/meson.build 
new/xwayland-24.1.7/hw/xwayland/meson.build
--- old/xwayland-24.1.6/hw/xwayland/meson.build 2025-02-25 19:38:11.000000000 
+0100
+++ new/xwayland-24.1.7/hw/xwayland/meson.build 2025-06-17 15:08:26.000000000 
+0200
@@ -196,6 +196,7 @@
         'exec_prefix=${prefix}',
         'xwayland=' + xwayland_path + '/Xwayland',
     ] + xwayland_vars,
+    url: 'https://gitlab.freedesktop.org/xorg/xserver/',
 )
 
 xwayland_manpage = configure_file(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/include/meson.build 
new/xwayland-24.1.7/include/meson.build
--- old/xwayland-24.1.6/include/meson.build     2025-02-25 19:38:11.000000000 
+0100
+++ new/xwayland-24.1.7/include/meson.build     2025-06-17 15:08:26.000000000 
+0200
@@ -167,6 +167,8 @@
 conf_data.set('HAVE_STRLCPY', cc.has_function('strlcpy', dependencies: 
libbsd_dep) ? '1' : false)
 conf_data.set('HAVE_STRNCASECMP', cc.has_function('strncasecmp') ? '1' : false)
 conf_data.set('HAVE_STRNDUP', cc.has_function('strndup') and 
cc.has_header_symbol('string.h', 'strndup') ? '1' : false)
+# HAVE_STRUCT_SOCKADDR_STORAGE is used by xtrans >= 1.6
+conf_data.set('HAVE_STRUCT_SOCKADDR_STORAGE', cc.has_type('struct 
sockaddr_storage', prefix: '#include <sys/socket.h>') ? '1' : false)
 conf_data.set('HAVE_TIMINGSAFE_MEMCMP', cc.has_function('timingsafe_memcmp') ? 
'1' : false)
 conf_data.set('HAVE_VASPRINTF', cc.has_function('vasprintf') ? '1' : false)
 conf_data.set('HAVE_VSNPRINTF', cc.has_function('vsnprintf') ? '1' : false)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/meson.build 
new/xwayland-24.1.7/meson.build
--- old/xwayland-24.1.6/meson.build     2025-02-25 19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/meson.build     2025-06-17 15:08:26.000000000 +0200
@@ -3,10 +3,10 @@
             'buildtype=debugoptimized',
             'c_std=gnu99',
         ],
-        version: '24.1.6',
+        version: '24.1.7',
         meson_version: '>= 0.56.0',
 )
-release_date = '2025-02-25'
+release_date = '2025-06-17'
 
 add_project_arguments('-DHAVE_DIX_CONFIG_H', language: ['c', 'objc'])
 cc = meson.get_compiler('c')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/mi/mipointer.c 
new/xwayland-24.1.7/mi/mipointer.c
--- old/xwayland-24.1.6/mi/mipointer.c  2025-02-25 19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/mi/mipointer.c  2025-06-17 15:08:26.000000000 +0200
@@ -200,6 +200,8 @@
         return FALSE;
 
     pPointer = MIPOINTER(pDev);
+    if (!pPointer)
+        return FALSE;
 
     pPointer->pCursor = pCursor;
     pPointer->pScreen = pScreen;
@@ -222,6 +224,8 @@
     miPointerPtr pPointer;
 
     pPointer = MIPOINTER(pDev);
+    if (!pPointer)
+        return;
 
     pPointer->limits = *pBox;
     pPointer->confined = PointerConfinedToScreen(pDev);
@@ -273,6 +277,9 @@
     SetupScreen(pScreen);
     miPointerPtr pPointer = MIPOINTER(pDev);
 
+    if (!pPointer)
+        return TRUE;
+
     pPointer->generateEvent = generateEvent;
 
     if (pScreen->ConstrainCursorHarder)
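Review bot: The NULL guard added in this hunk returns `TRUE`, while the guard added in the first mipointer.c hunk returns `FALSE` for the same condition, and neither explains the choice. If reporting success for a device without a miPointer record is deliberate here, say so next to the return: `/* device has no miPointer record: nothing to update, not an error */`. The other guards added in this file (hunks at -222, -379, -504, -522 and -566) return silently from void functions and would benefit from one line on when `MIPOINTER(pDev)` can be NULL. The function's signature is outside this hunk.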
@@ -379,6 +386,8 @@
     BOOL changedScreen = FALSE;
 
     pPointer = MIPOINTER(pDev);
+    if (!pPointer)
+        return;
 
     if (pPointer->pScreen != pScreen) {
         mieqSwitchScreen(pDev, pScreen, TRUE);
@@ -504,6 +513,9 @@
     miPointerPtr pPointer;
 
     pPointer = MIPOINTER(pDev);
+    if (!pPointer)
+        return;
+
     pPointer->pSpriteCursor = (CursorPtr) 1;
 }
 
@@ -522,6 +534,8 @@
     miPointerPtr pPointer;
 
     pPointer = MIPOINTER(pDev);
+    if (!pPointer)
+        return;
 
     pScreen = screenInfo.screens[screen_no];
     mieqSwitchScreen(pDev, pScreen, FALSE);
@@ -566,6 +580,8 @@
     SetupScreen(pScreen);
 
     pPointer = MIPOINTER(pDev);
+    if (!pPointer)
+        return;
 
     /* Hack: We mustn't call into ->MoveCursor for anything but the
      * VCP, as this may cause a non-HW rendered cursor to be rendered while
@@ -718,8 +734,15 @@
 void
 miPointerGetPosition(DeviceIntPtr pDev, int *x, int *y)
 {
-    *x = MIPOINTER(pDev)->x;
-    *y = MIPOINTER(pDev)->y;
+    miPointerPtr pPointer = MIPOINTER(pDev);
+    if (pPointer) {
+        *x = pPointer->x;
+        *y = pPointer->y;
+    }
+    else {
+        *x = 0;
+        *y = 0;
+    }
 }
 
 /**
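Review bot: `miPointerGetPosition` now reports (0, 0) when the device has no miPointer record, which a caller cannot tell apart from a pointer that really is at the origin. The function returns void, so the least invasive fix is documentation: the comment above it should state that `*x` and `*y` are set to 0 in that case and that a caller needing to distinguish it must check the device itself. That doc comment lies above the hunk.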
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/os/io.c new/xwayland-24.1.7/os/io.c
--- old/xwayland-24.1.6/os/io.c 2025-02-25 19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/os/io.c 2025-06-17 15:08:26.000000000 +0200
@@ -299,6 +299,10 @@
                 needed = get_big_req_len(request, client);
         }
         client->req_len = needed;
+        if (needed > MAXINT >> 2) {
+            /* Check for potential integer overflow */
+            return -(BadLength);
+        }
         needed <<= 2;           /* needed is in bytes now */
     }
     if (gotnow < needed) {
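Review bot: `client->req_len = needed;` runs before the new overflow test, so a rejected length is still stored in the client record when `-(BadLength)` is returned. Moving the assignment below the check, or adding a comment on why the stored value is harmless, would be safer, and the test reads better parenthesised: `if (needed > (MAXINT >> 2))`. If `needed` is derived from `get_big_req_len()` and shifted again elsewhere in this function (outside this hunk), that site needs the same guard before the shift. The negated-error return is a convention the caller in dix/dispatch.c has to know about and deserves a line in the function's header comment.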
@@ -441,7 +445,7 @@
      */
 
     gotnow -= needed;
-    if (!gotnow)
+    if (!gotnow && !oci->ignoreBytes)
         AvailableInput = oc;
     if (move_header) {
         if (client->req_len < bytes_to_int32(sizeof(xBigReq) - sizeof(xReq))) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/randr/rrproviderproperty.c 
new/xwayland-24.1.7/randr/rrproviderproperty.c
--- old/xwayland-24.1.6/randr/rrproviderproperty.c      2025-02-25 
19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/randr/rrproviderproperty.c      2025-06-17 
15:08:26.000000000 +0200
@@ -179,7 +179,8 @@
 
     if (mode == PropModeReplace || len > 0) {
         void *new_data = NULL, *old_data = NULL;
-
+        if (total_len > MAXINT / size_in_bytes)
+            return BadValue;
         total_size = total_len * size_in_bytes;
         new_value.data = (void *) malloc(total_size);
         if (!new_value.data && total_size) {
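Review bot: The new early `return BadValue;` sits directly above an allocation-failure branch whose body is cut off by the hunk. If that branch undoes earlier work before returning, for instance destroying a property that was newly created for this request, the overflow path needs the same cleanup or it leaks. The division also assumes `size_in_bytes` is non-zero, which depends on format validation that is not visible here; a short comment stating that assumption would help. The blank line after the declarations was dropped to make room for the check and is worth keeping.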
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/record/record.c 
new/xwayland-24.1.7/record/record.c
--- old/xwayland-24.1.6/record/record.c 2025-02-25 19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/record/record.c 2025-06-17 15:08:26.000000000 +0200
@@ -46,6 +46,7 @@
 #include "swaprep.h"
 #include "inputstr.h"
 #include "scrnintstr.h"
+#include "opaque.h"
 
 #include <stdio.h>
 #include <assert.h>
@@ -1299,6 +1300,13 @@
     int i;
     XID recordingClient;
 
+    /* LimitClients is 2048 at max, way less that MAXINT */
+    if (stuff->nClients > LimitClients)
+        return BadValue;
+
+    if (stuff->nRanges > (MAXINT - 4 * stuff->nClients) / SIZEOF(xRecordRange))
+        return BadValue;
+
     if (((client->req_len << 2) - SIZEOF(xRecordRegisterClientsReq)) !=
         4 * stuff->nClients + SIZEOF(xRecordRange) * stuff->nRanges)
         return BadLength;
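Review bot: The comment on the first new check has a typo (`way less that MAXINT`) and does not say why the bound matters: it is what keeps `4 * stuff->nClients` in the second check from wrapping. Suggested wording: `/* LimitClients is at most 2048, so 4 * nClients below cannot overflow */`. Both new checks return `BadValue` while the length comparison right after them returns `BadLength`; a word on why an oversized count is treated as a value error would help the next reader. The function starts outside this hunk.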
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/render/animcur.c 
new/xwayland-24.1.7/render/animcur.c
--- old/xwayland-24.1.6/render/animcur.c        2025-02-25 19:38:11.000000000 
+0100
+++ new/xwayland-24.1.7/render/animcur.c        2025-06-17 15:08:26.000000000 
+0200
@@ -304,6 +304,9 @@
     int rc = BadAlloc, i;
     AnimCurPtr ac;
 
+    if (ncursor <= 0)
+        return BadValue;
+
     for (i = 0; i < screenInfo.numScreens; i++)
         if (!GetAnimCurScreen(screenInfo.screens[i]))
             return BadImplementation;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/render/render.c 
new/xwayland-24.1.7/render/render.c
--- old/xwayland-24.1.6/render/render.c 2025-02-25 19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/render/render.c 2025-06-17 15:08:26.000000000 +0200
@@ -1795,6 +1795,8 @@
     ncursor =
         (client->req_len -
          (bytes_to_int32(sizeof(xRenderCreateAnimCursorReq)))) >> 1;
+    if (ncursor <= 0)
+        return BadValue;
     cursors = xallocarray(ncursor, sizeof(CursorPtr) + sizeof(CARD32));
     if (!cursors)
         return BadAlloc;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/xfixes/disconnect.c 
new/xwayland-24.1.7/xfixes/disconnect.c
--- old/xwayland-24.1.6/xfixes/disconnect.c     2025-02-25 19:38:11.000000000 
+0100
+++ new/xwayland-24.1.7/xfixes/disconnect.c     2025-06-17 15:08:26.000000000 
+0200
@@ -69,6 +69,7 @@
     ClientDisconnectPtr pDisconnect = GetClientDisconnect(client);
 
     REQUEST(xXFixesSetClientDisconnectModeReq);
+    REQUEST_SIZE_MATCH(xXFixesSetClientDisconnectModeReq);
 
     pDisconnect->disconnect_mode = stuff->disconnect_mode;
 
@@ -82,7 +83,7 @@
 
     swaps(&stuff->length);
 
-    REQUEST_AT_LEAST_SIZE(xXFixesSetClientDisconnectModeReq);
+    REQUEST_SIZE_MATCH(xXFixesSetClientDisconnectModeReq);
 
     swapl(&stuff->disconnect_mode);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/xkb/XKBAlloc.c 
new/xwayland-24.1.7/xkb/XKBAlloc.c
--- old/xwayland-24.1.6/xkb/XKBAlloc.c  2025-02-25 19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/xkb/XKBAlloc.c  2025-06-17 15:08:26.000000000 +0200
@@ -194,8 +194,10 @@
                 free(prev_radio_groups);
             }
         }
-        if (names->radio_groups == NULL)
+        if (names->radio_groups == NULL) {
+            names->num_rg = 0;
             return BadAlloc;
+        }
         names->num_rg = nTotalRG;
     }
     return Success;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/xkb/XKBMAlloc.c 
new/xwayland-24.1.7/xkb/XKBMAlloc.c
--- old/xwayland-24.1.6/xkb/XKBMAlloc.c 2025-02-25 19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/xkb/XKBMAlloc.c 2025-06-17 15:08:26.000000000 +0200
@@ -733,7 +733,7 @@
     register int i, nActs;
     XkbAction *newActs;
 
-    if (needed == 0) {
+    if (needed <= 0) {
         xkb->server->key_acts[key] = 0;
         return NULL;
     }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/xwayland-24.1.6/xkb/xkbtext.c 
new/xwayland-24.1.7/xkb/xkbtext.c
--- old/xwayland-24.1.6/xkb/xkbtext.c   2025-02-25 19:38:11.000000000 +0100
+++ new/xwayland-24.1.7/xkb/xkbtext.c   2025-06-17 15:08:26.000000000 +0200
@@ -71,6 +71,20 @@
 
 /***====================================================================***/
 
+static inline char *
+tbGetBufferString(const char *str)
+{
+    size_t size = strlen(str) + 1;
+    char *rtrn = tbGetBuffer((unsigned) size);
+
+    if (rtrn != NULL)
+        memcpy(rtrn, str, size);
+
+    return rtrn;
+}
+
+/***====================================================================***/
+
 char *
 XkbAtomText(Atom atm, unsigned format)
 {
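Review bot: `tbGetBufferString` has no comment, and two properties are not obvious from its call sites: it returns NULL whenever `tbGetBuffer` does, and the `(unsigned) size` cast would shrink a length above UINT_MAX while `memcpy` still copies the full `size`. The second case is presumably unreachable for atom names and fixed local buffers, but a guard costs one line: `if (size > UINT_MAX) return NULL;`. A header comment such as `/* Copy str, including its terminator, into a buffer from tbGetBuffer(); returns NULL if none is available. */` would cover the first.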
@@ -79,11 +93,7 @@
 
     atmstr = NameForAtom(atm);
     if (atmstr != NULL) {
-        int len;
-
-        len = strlen(atmstr) + 1;
-        rtrn = tbGetBuffer(len);
-        strlcpy(rtrn, atmstr, len);
+        rtrn = tbGetBufferString(atmstr);
     }
     else {
         rtrn = tbGetBuffer(1);
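Review bot: `rtrn` can be NULL after `tbGetBufferString(atmstr)`, and the remainder of `XkbAtomText` (outside this hunk) presumably goes on to read or rewrite the string. The removed code had the same exposure through `strlcpy` on an unchecked buffer, so this is not a regression, but the refactor is the natural place to close it with an explicit test such as `if (rtrn == NULL) return NULL;` after the if/else, provided callers tolerate a NULL result. The `tbGetBuffer(1)` result in the else branch is likewise used without a check.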
@@ -151,11 +161,12 @@
     char *str, buf[VMOD_BUFFER_SIZE];
 
     if ((modMask == 0) && (mask == 0)) {
-        rtrn = tbGetBuffer(5);
+        const int rtrnsize = 5;
+        rtrn = tbGetBuffer(rtrnsize);
         if (format == XkbCFile)
-            sprintf(rtrn, "0");
+            snprintf(rtrn, rtrnsize, "0");
         else
-            sprintf(rtrn, "none");
+            snprintf(rtrn, rtrnsize, "none");
         return rtrn;
     }
     if (modMask != 0)
@@ -232,7 +243,6 @@
 char *
 XkbModIndexText(unsigned ndx, unsigned format)
 {
-    char *rtrn;
     char buf[100];
 
     if (format == XkbCFile) {
@@ -251,9 +261,7 @@
         else
             snprintf(buf, sizeof(buf), "ILLEGAL_%02x", ndx);
     }
-    rtrn = tbGetBuffer(strlen(buf) + 1);
-    strcpy(rtrn, buf);
-    return rtrn;
+    return tbGetBufferString(buf);
 }
 
 char *
@@ -295,8 +303,7 @@
             }
         }
     }
-    rtrn = tbGetBuffer(strlen(buf) + 1);
-    strcpy(rtrn, buf);
+    rtrn = tbGetBufferString(buf);
     return rtrn;
 }
 
@@ -306,8 +313,9 @@
 XkbConfigText(unsigned config, unsigned format)
 {
     static char *buf;
+    const int bufsize = 32;
 
-    buf = tbGetBuffer(32);
+    buf = tbGetBuffer(bufsize);
     switch (config) {
     case XkmSemanticsFile:
         strcpy(buf, "Semantics");
@@ -341,7 +349,7 @@
         strcpy(buf, "VirtualMods");
         break;
     default:
-        sprintf(buf, "unknown(%d)", config);
+        snprintf(buf, bufsize, "unknown(%d)", config);
         break;
     }
     return buf;
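Review bot: The rewritten `snprintf(buf, bufsize, "unknown(%d)", config);` still formats `unsigned config` with `%d`, so the conversion specifier does not match the argument type and large values print as negative numbers; `%u` is the matching specifier. The fixed-string cases in the same switch keep using `strcpy` into the 32-byte buffer, which fits today only because the literals are short. Using the bounded form there too, e.g. `snprintf(buf, bufsize, "%s", "Semantics");`, would make the function consistent. The switch spans this hunk and the previous one.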
@@ -440,7 +448,7 @@
 char *
 XkbIMWhichStateMaskText(unsigned use_which, unsigned format)
 {
-    int len;
+    int len, bufsize;
     unsigned i, bit, tmp;
     char *buf;
 
@@ -458,7 +466,8 @@
                 len += 9;
         }
     }
-    buf = tbGetBuffer(len + 1);
+    bufsize = len + 1;
+    buf = tbGetBuffer(bufsize);
     tmp = use_which & XkbIM_UseAnyMods;
     for (len = i = 0, bit = 1; tmp != 0; i++, bit <<= 1) {
         if (tmp & bit) {
@@ -466,13 +475,14 @@
             if (format == XkbCFile) {
                 if (len != 0)
                     buf[len++] = '|';
-                sprintf(&buf[len], "XkbIM_Use%s", imWhichNames[i]);
-                buf[len + 9] = toupper(buf[len + 9]);
+                snprintf(&buf[len], bufsize - len,
+                         "XkbIM_Use%s", imWhichNames[i]);
+                buf[len + 9] = toupper((unsigned char)buf[len + 9]);
             }
             else {
                 if (len != 0)
                     buf[len++] = '+';
-                sprintf(&buf[len], "%s", imWhichNames[i]);
+                snprintf(&buf[len], bufsize - len, "%s", imWhichNames[i]);
             }
             len += strlen(&buf[len]);
         }
@@ -619,18 +629,27 @@
 {
     int whole, frac;
     char *buf;
+    const int bufsize = 13;
 
-    buf = tbGetBuffer(12);
+    buf = tbGetBuffer(bufsize);
     if (format == XkbCFile) {
-        sprintf(buf, "%d", val);
+        snprintf(buf, bufsize, "%d", val);
     }
     else {
         whole = val / XkbGeomPtsPerMM;
-        frac = val % XkbGeomPtsPerMM;
-        if (frac != 0)
-            sprintf(buf, "%d.%d", whole, frac);
+        frac = abs(val % XkbGeomPtsPerMM);
+        if (frac != 0) {
+            if (val < 0)
+            {
+                int wholeabs;
+                wholeabs = abs(whole);
+                snprintf(buf, bufsize, "-%d.%d", wholeabs, frac);
+            }
+            else
+                snprintf(buf, bufsize, "%d.%d", whole, frac);
+        }
         else
-            sprintf(buf, "%d", whole);
+            snprintf(buf, bufsize, "%d", whole);
     }
     return buf;
 }
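Review bot: `const int bufsize = 13;` replaces the old 12 without saying where the number comes from. It appears to be the worst case of the new `"-%d.%d"` form (sign, up to nine digits of `whole`, the dot, one fractional digit and the terminator, assuming `XkbGeomPtsPerMM` is 10), and a comment stating that would keep a later edit from shrinking it. On style, the brace after `if (val < 0)` sits on its own line unlike the rest of the file's hunks, and `wholeabs` can be dropped by passing `abs(whole)` directly to `snprintf`.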
@@ -641,7 +660,8 @@
     char *buf;
 
     if (format == XkbCFile) {
-        buf = tbGetBuffer(24);
+        const int bufsize = 24;
+        buf = tbGetBuffer(bufsize);
         if (type == XkbOutlineDoodad)
             strcpy(buf, "XkbOutlineDoodad");
         else if (type == XkbSolidDoodad)
@@ -653,10 +673,11 @@
         else if (type == XkbLogoDoodad)
             strcpy(buf, "XkbLogoDoodad");
         else
-            sprintf(buf, "UnknownDoodad%d", type);
+            snprintf(buf, bufsize, "UnknownDoodad%d", type);
     }
     else {
-        buf = tbGetBuffer(12);
+        const int bufsize = 12;
+        buf = tbGetBuffer(bufsize);
         if (type == XkbOutlineDoodad)
             strcpy(buf, "outline");
         else if (type == XkbSolidDoodad)
@@ -668,7 +689,7 @@
         else if (type == XkbLogoDoodad)
             strcpy(buf, "logo");
         else
-            sprintf(buf, "unknown%d", type);
+            snprintf(buf, bufsize, "unknown%d", type);
     }
     return buf;
 }
@@ -1214,7 +1235,7 @@
 char *
 XkbActionText(XkbDescPtr xkb, XkbAction *action, unsigned format)
 {
-    char buf[ACTION_SZ], *tmp;
+    char buf[ACTION_SZ];
     int sz;
 
     if (format == XkbCFile) {
@@ -1235,16 +1256,13 @@
             CopyOtherArgs(xkb, action, buf, &sz);
         TryCopyStr(buf, ")", &sz);
     }
-    tmp = tbGetBuffer(strlen(buf) + 1);
-    if (tmp != NULL)
-        strcpy(tmp, buf);
-    return tmp;
+    return tbGetBufferString(buf);
 }
 
 char *
 XkbBehaviorText(XkbDescPtr xkb, XkbBehavior * behavior, unsigned format)
 {
-    char buf[256], *tmp;
+    char buf[256];
 
     if (format == XkbCFile) {
         if (behavior->type == XkbKB_Default)
@@ -1265,6 +1283,8 @@
         }
         else if (type == XkbKB_RadioGroup) {
             int g;
+            char *tmp;
+            size_t tmpsize;
 
             g = ((behavior->data) & (~XkbKB_RGAllowNone)) + 1;
             if (XkbKB_RGAllowNone & behavior->data) {
@@ -1273,10 +1293,11 @@
             }
             else
                 tmp = buf;
+            tmpsize = sizeof(buf) - (tmp - buf);
             if (permanent)
-                sprintf(tmp, "permanentRadioGroup= %d", g);
+                snprintf(tmp, tmpsize, "permanentRadioGroup= %d", g);
             else
-                sprintf(tmp, "radioGroup= %d", g);
+                snprintf(tmp, tmpsize, "radioGroup= %d", g);
         }
         else if ((type == XkbKB_Overlay1) || (type == XkbKB_Overlay2)) {
             int ndx, kc;
@@ -1298,10 +1319,7 @@
                 snprintf(buf, sizeof(buf), "overlay%d= %s", ndx, kn);
         }
     }
-    tmp = tbGetBuffer(strlen(buf) + 1);
-    if (tmp != NULL)
-        strcpy(tmp, buf);
-    return tmp;
+    return tbGetBufferString(buf);
 }
 
 /***====================================================================***/
