../src/wcmCommon.c:709:2: runtime error: index 6 out of bounds for type 'int
[priv->naxes]'
SUMMARY: AddressSanitizer: undefined-behavior ../src/wcmCommon.c:709
The 'valuators' array is dynamically sized based on how many axes the
device has (typically 6, but possibly 7 if the WCM_DUALRING feature is
set). Unfortunately, we don't pay attention to how many axes actually
exist when filling the array and end up writing one 'int' worth of
data past the end in most circumstances.
This appears to have not triggered any issues in the past simply because
with a typical stack layout, the code as written (valuators[6] = v6)
won't do anything (since &valuators[6] == &v6). Even stil...
Signed-off-by: Jason Gerecke <jason.gere...@wacom.com>
---
src/wcmCommon.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/wcmCommon.c b/src/wcmCommon.c
index 92f8cf8..4dd537c 100644
--- a/src/wcmCommon.c
+++ b/src/wcmCommon.c
@@ -706,7 +706,8 @@ void wcmSendEvents(InputInfoPtr pInfo, const
WacomDeviceState* ds)
valuators[3] = v3;
valuators[4] = v4;
valuators[5] = v5;
- valuators[6] = v6;
+ if (priv->naxes > 6)
+ valuators[6] = v6;
if (type == PAD_ID)
wcmSendPadEvents(pInfo, ds, 3, priv->naxes - 3, &valuators[3]);
/* pad doesn't post x/y/z */
--
2.3.5
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Linuxwacom-devel mailing list
Linuxwacom-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxwacom-devel
