Skip to content

Commit badb428

Browse files
committed
keycodes: don't try to copy zero key aliases
Move the aliases copy to within the (num_key_aliases > 0) block. Passing info->aliases into this fuction with invalid aliases will cause log messages but num_key_aliases stays on 0. The key_aliases array is never allocated and remains NULL. We then loop through the aliases, causing a null-pointer dereference. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
1 parent 9045b03 commit badb428

File tree

1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

Diff for: src/xkbcomp/keycodes.c

+7-7
Original file line numberDiff line numberDiff line change
@@ -596,14 +596,14 @@ CopyKeyAliasesToKeymap(struct xkb_keymap *keymap, KeyNamesInfo *info)
596596
key_aliases = calloc(num_key_aliases, sizeof(*key_aliases));
597597
if (!key_aliases)
598598
return false;
599-
}
600599

601-
i = 0;
602-
darray_foreach(alias, info->aliases) {
603-
if (alias->real != XKB_ATOM_NONE) {
604-
key_aliases[i].alias = alias->alias;
605-
key_aliases[i].real = alias->real;
606-
i++;
600+
i = 0;
601+
darray_foreach(alias, info->aliases) {
602+
if (alias->real != XKB_ATOM_NONE) {
603+
key_aliases[i].alias = alias->alias;
604+
key_aliases[i].real = alias->real;
605+
i++;
606+
}
607607
}
608608
}
609609

0 commit comments

Comments
 (0)