From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Mon, 23 Jul 2018 01:48:35 +0000 (+1000)
Subject: keycodes: don't try to copy zero key aliases
X-Git-Tag: xkbcommon-0.8.1~2^2~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=badb428e63387140720f22486b3acbd3d738859f;p=platform%2Fupstream%2Flibxkbcommon.git

keycodes: don't try to copy zero key aliases

Move the aliases copy to within the (num_key_aliases > 0) block.

Passing info->aliases into this fuction with invalid aliases will
cause log messages but num_key_aliases stays on 0. The key_aliases array
is never allocated and remains NULL. We then loop through the aliases, causing
a null-pointer dereference.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---

diff --git a/src/xkbcomp/keycodes.c b/src/xkbcomp/keycodes.c
index 7f5955e..491da51 100644
--- a/src/xkbcomp/keycodes.c
+++ b/src/xkbcomp/keycodes.c
@@ -596,14 +596,14 @@ CopyKeyAliasesToKeymap(struct xkb_keymap *keymap, KeyNamesInfo *info)
         key_aliases = calloc(num_key_aliases, sizeof(*key_aliases));
         if (!key_aliases)
             return false;
-    }
 
-    i = 0;
-    darray_foreach(alias, info->aliases) {
-        if (alias->real != XKB_ATOM_NONE) {
-            key_aliases[i].alias = alias->alias;
-            key_aliases[i].real = alias->real;
-            i++;
+        i = 0;
+        darray_foreach(alias, info->aliases) {
+            if (alias->real != XKB_ATOM_NONE) {
+                key_aliases[i].alias = alias->alias;
+                key_aliases[i].real = alias->real;
+                i++;
+            }
         }
     }