-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Julien Danjou wrote:
> Hi Uli,
>
> Sorry for the delay.
>
> At 1242329343 time_t, Uli Schlachter wrote:
>> Subject: [PATCH 1/2] Restructure the code in ewmh_window_icon_from_reply()
>> slightly
>
> Ack.
No changes to this patch (afaik).
>> Subject: [PATCH 2/2] Check that the property is as long as it should be
>> + unsigned long long len;
>
> NEIN!
>
> Never ever use this fucking type inside awesome, please. It's just a
> pain to known which size it will have on every arch in the world. We get
> ride of them with Xlib gone, good riddance. And XCB has a sane behaviour
> using stdint so let's use them.
> If you are checking for CARD32, the corresponding type is uint32_t.
>
>> + /* Check that the property is as long as it should be, handling integer
>> + * overflow. unsigned long long got at least 64 bit and thus this
>> + * multiplication can not overflow.
>> + */
>
> Well you can use uint64_t.
Done
>> + len = data[0] * (unsigned long long) data[1];
>> + if (!data[0] || !data[1] || len > r->length - 2) {
>> + /* TODO remove this warning */
>> + warn("Ignoring invalid icon");
>> + return 0;
>> + }
>> +
>
> Yeah, remove it. ;-)
Also done
Both patches are attached again.
Cheers,
Uli
P.S.: Damn, I forgot "[Patch]" in the topic....
- --
"Do you know that books smell like nutmeg or some spice from a foreign land?"
-- Faber in Fahrenheit 451
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBCAAGBQJKEbHPAAoJECLkKOvLj8sGMOQH/1ctzpGsRrbVP5veOFATJYOd
vfELM4SbVV69Zq1Q+Sg2AEMTOB6+zPpEiYBjLSyHJ2apk5pUrqoiagaC0TiljezQ
dQsO/xYwSttuJ6A/DwgYpM+C/FXxNaESK67TRoU1G/WCCoc7TEnbDM44gRLt7f2W
I/oSDh9IFfE/MFAndPG5laC19aEufIXdtWtSari8gmSgsBJtXTzOmhseQd1I+QIm
80kcCwy5l/1q907HyX8kDpNjg7RAJzkG/+pUvKRo43UyTHVm1ljzs0QpqMDTDcgK
C/6zP3WpBNFc52mX+VaZiS32doZ4UrIN/U//0qk+KcXyesVuWJwmEVXfhrmAW8A=
=1grJ
-----END PGP SIGNATURE-----
>From 50dc7f55cc9a8ae74e1eaa8118a6e30ebcc56f25 Mon Sep 17 00:00:00 2001
From: Uli Schlachter <[email protected]>
Date: Tue, 12 May 2009 11:05:34 +0200
Subject: [PATCH 1/2] Restructure the code in ewmh_window_icon_from_reply() slightly
This is just a preparation for the following commit.
Signed-off-by: Uli Schlachter <[email protected]>
---
ewmh.c | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/ewmh.c b/ewmh.c
index 2ac8bd7..19ae6cb 100644
--- a/ewmh.c
+++ b/ewmh.c
@@ -662,11 +662,14 @@ ewmh_window_icon_from_reply(xcb_get_property_reply_t *r)
{
uint32_t *data;
- if(r && r->type == CARDINAL && r->format == 32 && r->length >= 2 &&
- (data = (uint32_t *) xcb_get_property_value(r)) && data[0] && data[1])
- return image_new_from_argb32(data[0], data[1], data + 2);
+ if(!r || r->type != CARDINAL || r->format != 32 || r->length < 2)
+ return 0;
- return 0;
+ data = (uint32_t *) xcb_get_property_value(r);
+ if (!data || !data[0] || !data[1])
+ return 0;
+
+ return image_new_from_argb32(data[0], data[1], data + 2);
}
/** Get NET_WM_ICON.
--
1.6.2.4
>From d31cb05f29a9bb5868f3b5bc0f08b6979edaf807 Mon Sep 17 00:00:00 2001
From: Uli Schlachter <[email protected]>
Date: Tue, 12 May 2009 11:08:43 +0200
Subject: [PATCH 2/2] Check that the property is as long as it should be
Before this, a _NET_WM_ICON could have been 5 bytes long but still claiming
that the image it describes is 100x100 pixel in size.
Signed-off-by: Uli Schlachter <[email protected]>
---
ewmh.c | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletions(-)
diff --git a/ewmh.c b/ewmh.c
index 19ae6cb..a490524 100644
--- a/ewmh.c
+++ b/ewmh.c
@@ -661,14 +661,24 @@ int
ewmh_window_icon_from_reply(xcb_get_property_reply_t *r)
{
uint32_t *data;
+ uint64_t len;
if(!r || r->type != CARDINAL || r->format != 32 || r->length < 2)
return 0;
data = (uint32_t *) xcb_get_property_value(r);
- if (!data || !data[0] || !data[1])
+ if (!data)
return 0;
+ /* Check that the property is as long as it should be, handling integer
+ * overflow. <uint32_t> times <another uint32_t casted to uint64_t> always
+ * fits into an uint64_t and thus this multiplication cannot overflow.
+ */
+ len = data[0] * (uint64_t) data[1];
+ if (!data[0] || !data[1] || len > r->length - 2) {
+ return 0;
+ }
+
return image_new_from_argb32(data[0], data[1], data + 2);
}
--
1.6.2.4
