Ah-ha, got it. Atoms are packed as 32bit values, and on 64bit systems, this will mean the last atom in the list copies 4 bytes out of xinput's heap after the end of the data buffer. This patch is a real fix and corrects the dereferenced size so that the resulting atom is zero-extended instead of filling the high half with garbage.

** Patch added: "defensive-getatom.patch"
   http://launchpadlibrarian.net/44216975/defensive-getatom.patch

** Also affects: xf86-input-wacom (Ubuntu Lucid)
   Importance: Undecided
   Status: Invalid

** Also affects: xinput (Ubuntu Lucid)
   Importance: Undecided
   Status: Triaged

** Changed in: xinput (Ubuntu Lucid)
   Importance: Undecided => Medium

** Changed in: xinput (Ubuntu Lucid)
   Milestone: None => ubuntu-10.04

** Patch removed: "defensive-getatom.patch"
   http://launchpadlibrarian.net/44214885/defensive-getatom.patch

** Changed in: xinput (Ubuntu Lucid)
   Assignee: (unassigned) => Kees Cook (kees)

--
xinput crashes on wacom properties list
https://bugs.launchpad.net/bugs/563457
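
The size mismatch described in the message above, as an added C example that is not xinput's code and not the attached patch. The function names and the sample buffer are hypothetical and constructed; `uint64_t` stands in for the 64-bit-wide atom value on 64-bit systems, and four 0xAA bytes stand in for the heap bytes after the data buffer so the demonstration stays in bounds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: three atoms packed as 32-bit values. */
static const uint32_t sample_atoms[3] = { 0x11u, 0x22u, 0x33u };
enum { SAMPLE_NITEMS = 3, SAMPLE_DATA_LEN = SAMPLE_NITEMS * 4 };

/* Lay out the data buffer plus 4 marker bytes representing adjacent heap. */
static void fill_sample(unsigned char buf[SAMPLE_DATA_LEN + 4]) {
    memcpy(buf, sample_atoms, SAMPLE_DATA_LEN);
    memset(buf + SAMPLE_DATA_LEN, 0xAA, 4);
}

/* Wrong dereference size: items are 4 bytes apart, but 8 bytes are read. */
uint64_t read_atom_wide(const unsigned char *data, size_t i) {
    uint64_t v;
    memcpy(&v, data + i * sizeof(uint32_t), sizeof v);
    return v;
}

/* Corrected size: bounds-check the index, read 4 bytes, zero-extend. */
int read_atom_packed(const unsigned char *data, size_t nitems, size_t i,
                     uint64_t *out) {
    uint32_t v;
    if (i >= nitems) return -1;
    memcpy(&v, data + i * sizeof v, sizeof v);
    *out = v; /* high half is zero, not neighbouring bytes */
    return 0;
}

/* Bytes a read of `width` at item i touches beyond the packed buffer. */
size_t bytes_past_end(size_t nitems, size_t i, size_t width) {
    size_t len = nitems * sizeof(uint32_t);
    size_t end = i * sizeof(uint32_t) + width;
    return end > len ? end - len : 0;
}

int main(void) {
    unsigned char buf[SAMPLE_DATA_LEN + 4];
    uint64_t packed = 0;
    fill_sample(buf);
    read_atom_packed(buf, SAMPLE_NITEMS, SAMPLE_NITEMS - 1, &packed);
    printf("wide read of last atom: %#llx\n",
           (unsigned long long)read_atom_wide(buf, SAMPLE_NITEMS - 1));
    printf("packed read of last atom: %#llx\n", (unsigned long long)packed);
    printf("bytes past end (wide): %zu\n", bytes_past_end(SAMPLE_NITEMS, 2, 8));
    return 0;
}
```

Earlier items read with the wide size stay inside the buffer but still pick up the next atom in their other half; only the last item reaches past the end.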