Backport 6d54f4: fix 64bit ecore-x selection overrun bug.

"""
Ecore-X: Fix selection parser to not use longs - wrong on 64bit as the
rest of ecore-x keeps types to their REAL sizes (ints),  but xlib uses
longs (change size - eg 64bit even though protocol-wise  the data is
DEFINEd as 32bit)
"""

Change-Id: I307551d3ad2c5b95e291737bdad08280db4a03ee
Signed-off-by: Daniel Willmann <d.willmann@samsung.com>

diff --git a/ChangeLog b/ChangeLog
index 61678ab..88785f1 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1070,3 +1070,11 @@
        * Fixed condition based on uninitialized value in ecore_x_selection
        (both xlib and xcb).
        * Fixed a leaked when no selection converter matches.
+
+2013-05-21     Daniel Willmann
+
+                               * Backport (6d54f46) from Raster:
+        Ecore-X: Fix selection parser to not use longs - wrong on
+        64bit as the rest of ecore-x keeps types to their REAL sizes (ints),
+        but xlib uses longs (change size - eg 64bit even though protocol-wise
+        the data is DEFINEd as 32bit)

diff --git a/NEWS b/NEWS
index d2f18ec..468a9e0 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -39,6 +39,7 @@ Fixes:
      - ecore_x_randr to actually return crtcs possible outputs properly.
      - ecore_x_randr to actually return crtcs outputs properly.
     * send ECORE_X_EVENT_SELECTION_NOTIFY even if there is no data.
+    * Ecore-X: Fix selection parser to not overrun buffer read by using longs on 64bit.
 
 Improvements:
 

diff --git a/src/lib/ecore_x/xcb/ecore_xcb_selection.c b/src/lib/ecore_x/xcb/ecore_xcb_selection.c
index 58ab373..35d25e3 100644 (file)
--- a/src/lib/ecore_x/xcb/ecore_xcb_selection.c
+++ b/src/lib/ecore_x/xcb/ecore_xcb_selection.c
@@ -895,13 +895,13 @@ _ecore_xcb_selection_parser_targets(const char *target __UNUSED__,
                                     int         format __UNUSED__)
 {
    Ecore_X_Selection_Data_Targets *sel;
-   unsigned long *targets;
+   int *targets;
    int i = 0;
 
    LOGFN(__FILE__, __LINE__, __FUNCTION__);
    CHECK_XCB_CONN;
 
-   if (!(targets = (unsigned long *)data)) return NULL;
+   if (!(targets = data)) return NULL;
 
    sel = calloc(1, sizeof(Ecore_X_Selection_Data_Targets));
    if (!sel) return NULL;

diff --git a/src/lib/ecore_x/xlib/ecore_x_selection.c b/src/lib/ecore_x/xlib/ecore_x_selection.c
index 3dcc3b2..1fb5859 100644 (file)
--- a/src/lib/ecore_x/xlib/ecore_x_selection.c
+++ b/src/lib/ecore_x/xlib/ecore_x_selection.c
@@ -977,12 +977,12 @@ _ecore_x_selection_parser_targets(const char *target __UNUSED__,
                                   int format __UNUSED__)
 {
    Ecore_X_Selection_Data_Targets *sel;
-   unsigned long *targets;
+   int *targets;
    int i;
 
    sel = calloc(1, sizeof(Ecore_X_Selection_Data_Targets));
    if (!sel) return NULL;
-   targets = (unsigned long *)data;
+   targets = data;
 
    sel->num_targets = size - 2;
    sel->targets = malloc((size - 2) * sizeof(char *));