From 9cfd521ae1c3442c672251d13b2bbca18cfe3d25 Mon Sep 17 00:00:00 2001 From: Jake Barnes Date: Sun, 6 Nov 2022 17:05:14 +1100 Subject: [PATCH] Fix out-of-bounds access in XWindowsScreen::updateButtons This code triggers an assertion in gcc's std_vector.h on my system due to a logical button 0 causing a write to m_buttons[-1], and a SIGABRT. I've tried to make this code do what it seems to be intended to do, but m_buttons isn't actually read from anywhere anyway. --- src/lib/platform/XWindowsScreen.cpp | 8 ++++---- src/lib/platform/XWindowsScreen.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/lib/platform/XWindowsScreen.cpp b/src/lib/platform/XWindowsScreen.cpp index 7f8ce655..1ac5e85e 100644 --- a/src/lib/platform/XWindowsScreen.cpp +++ b/src/lib/platform/XWindowsScreen.cpp @@ -1941,15 +1941,15 @@ XWindowsScreen::updateButtons() } // allocate button array - m_buttons.resize(maxButton); + m_buttons.resize(maxButton + 1); // fill in button array values. m_buttons[i] is the physical - // button number for logical button i+1. - for (UInt32 i = 0; i < numButtons; ++i) { + // button number for logical button i. + for (UInt32 i = 0; i < maxButton + 1; ++i) { m_buttons[i] = 0; } for (UInt32 i = 0; i < numButtons; ++i) { - m_buttons[tmpButtons[i] - 1] = i + 1; + m_buttons[tmpButtons[i]] = i; } // clean up diff --git a/src/lib/platform/XWindowsScreen.h b/src/lib/platform/XWindowsScreen.h index 581e91ff..fd86b3ab 100644 --- a/src/lib/platform/XWindowsScreen.h +++ b/src/lib/platform/XWindowsScreen.h @@ -228,7 +228,7 @@ private: bool m_screensaverNotify; // logical to physical button mapping. m_buttons[i] gives the - // physical button for logical button i+1. + // physical button for logical button i. std::vector m_buttons; // true if global auto-repeat was enabled before we turned it off