[mutter] keybindings: Avoid using unitialized memory and grabbing random keys



commit e160babe3f3d82718f1d015db3e07b469f731aff
Author: Rui Matos <tiagomatos gmail com>
Date:   Wed May 11 18:07:49 2016 +0200

    keybindings: Avoid using unitialized memory and grabbing random keys
    
    meta_parse_accelerator() considers 0 length accelerator strings as
    valid, meaning that the keybinding should be disabled. Unfortunately,
    it doesn't initialize the MetaKeyCombo so if the caller doesn't
    initialize it either, we end up using random values and possibly
    grabbing random keys.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=766270

 src/core/keybindings.c      |    4 ++--
 src/core/meta-accel-parse.c |   10 +++++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)
---
diff --git a/src/core/keybindings.c b/src/core/keybindings.c
index 2a8063e..ed34aea 100644
--- a/src/core/keybindings.c
+++ b/src/core/keybindings.c
@@ -1379,8 +1379,8 @@ meta_display_grab_accelerator (MetaDisplay *display,
   MetaKeyBindingManager *keys = &display->key_binding_manager;
   MetaKeyBinding *binding;
   MetaKeyGrab *grab;
-  MetaKeyCombo combo;
-  MetaResolvedKeyCombo resolved_combo;
+  MetaKeyCombo combo = { 0 };
+  MetaResolvedKeyCombo resolved_combo = { 0 };
 
   if (!meta_parse_accelerator (accelerator, &combo))
     {
diff --git a/src/core/meta-accel-parse.c b/src/core/meta-accel-parse.c
index 9cea488..6f3c912 100644
--- a/src/core/meta-accel-parse.c
+++ b/src/core/meta-accel-parse.c
@@ -326,6 +326,10 @@ gboolean
 meta_parse_accelerator (const char   *accel,
                         MetaKeyCombo *combo)
 {
+  g_return_val_if_fail (combo != NULL, FALSE);
+
+  *combo = (MetaKeyCombo) { 0 };
+
   if (!accel[0] || strcmp (accel, "disabled") == 0)
     return TRUE;
 
@@ -336,7 +340,11 @@ gboolean
 meta_parse_modifier (const char          *accel,
                      MetaVirtualModifier *mask)
 {
-  MetaKeyCombo combo;
+  MetaKeyCombo combo = { 0 };
+
+  g_return_val_if_fail (mask != NULL, FALSE);
+
+  *mask = 0;
 
   if (accel == NULL || !accel[0] || strcmp (accel, "disabled") == 0)
     return TRUE;


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]