efl_ui_selection_manager: fix potential out of bounce access

Summary:
We have been casting the selection to unsigned char * for the address of
sel and not for the value. Coverity pointed this out:
Overrunning buffer pointed to by (unsigned char *)&sel of 8 bytes by
passing it to a function which accesses it at byte offset 167 using argument 168

It seems this has been working by memory layout and luck if I understand
it all correctly.

Coverity ID: 1402666

Reviewers: thiepha, raster, zmike

Reviewed By: zmike

Subscribers: cedric, #reviewers, #committers

Tags: #efl

Differential Revision: https://phab.enlightenment.org/D10107

diff --git a/src/lib/elementary/efl_ui_selection_manager.c b/src/lib/elementary/efl_ui_selection_manager.c
index c42394c..9e2a610 100644 (file)
--- a/src/lib/elementary/efl_ui_selection_manager.c
+++ b/src/lib/elementary/efl_ui_selection_manager.c
@@ -1504,7 +1504,7 @@ _x11_efl_sel_manager_drag_start(Eo *obj EINA_UNUSED, Efl_Ui_Selection_Manager_Da
    /* TODO BUG: should increase dnd-awareness, in case it's drop target as well. See _x11_drag_mouse_up() */
    ecore_x_dnd_aware_set(xwin, EINA_TRUE);
    ecore_x_dnd_callback_pos_update_set(_x11_drag_move, seat_sel);
-   ecore_x_dnd_self_begin(xwin, (unsigned char *)&sel, sizeof(Sel_Manager_Selection));
+   ecore_x_dnd_self_begin(xwin, (unsigned char *)sel, sizeof(Sel_Manager_Selection));
    actx = _x11_dnd_action_rev_map(seat_sel->drag_action);
    ecore_x_dnd_source_action_set(actx);
    ecore_x_pointer_grab(xwin);