#include <X11/extensions/XInput.h>
#include <X11/extensions/extutil.h>
#include "XIint.h"
+#include <limits.h>
XFeedbackState *
XGetFeedbackControl(
XDevice *dev,
int *num_feedbacks)
{
- int size = 0;
- int nbytes, i;
XFeedbackState *Feedback = NULL;
XFeedbackState *Sav = NULL;
xFeedbackState *f = NULL;
goto out;
if (rep.length > 0) {
+ unsigned long nbytes;
+ size_t size = 0;
+ int i;
+
*num_feedbacks = rep.num_feedbacks;
- nbytes = (long)rep.length << 2;
- f = (xFeedbackState *) Xmalloc((unsigned)nbytes);
+
+ if (rep.length < (INT_MAX >> 2)) {
+ nbytes = rep.length << 2;
+ f = Xmalloc(nbytes);
+ }
if (!f) {
- _XEatData(dpy, (unsigned long)nbytes);
+ _XEatDataWords(dpy, rep.length);
goto out;
}
sav = f;
_XRead(dpy, (char *)f, nbytes);
for (i = 0; i < *num_feedbacks; i++) {
+ if (f->length > nbytes)
+ goto out;
+ nbytes -= f->length;
+
switch (f->class) {
case KbdFeedbackClass:
size += sizeof(XKbdFeedbackState);
case StringFeedbackClass:
{
xStringFeedbackState *strf = (xStringFeedbackState *) f;
-
size += sizeof(XStringFeedbackState) +
(strf->num_syms_supported * sizeof(KeySym));
}
size += f->length;
break;
}
+ if (size > INT_MAX)
+ goto out;
f = (xFeedbackState *) ((char *)f + f->length);
}
- Feedback = (XFeedbackState *) Xmalloc((unsigned)size);
+ Feedback = Xmalloc(size);
if (!Feedback)
goto out;
}
case IntegerFeedbackClass:
{
- xIntegerFeedbackState *i;
+ xIntegerFeedbackState *ifs;
XIntegerFeedbackState *I;
- i = (xIntegerFeedbackState *) f;
+ ifs = (xIntegerFeedbackState *) f;
I = (XIntegerFeedbackState *) Feedback;
- I->class = i->class;
+ I->class = ifs->class;
I->length = sizeof(XIntegerFeedbackState);
- I->id = i->id;
- I->resolution = i->resolution;
- I->minVal = i->min_value;
- I->maxVal = i->max_value;
+ I->id = ifs->id;
+ I->resolution = ifs->resolution;
+ I->minVal = ifs->min_value;
+ I->maxVal = ifs->max_value;
break;
}
case StringFeedbackClass:
projects / platform / upstream / libXi.git / blobdiff