[PATCH v2 libXi 1/2] SizeClassInfo can return 0 even without an error

Thu Oct 13 03:58:22 UTC 2016

From: Niels Ole Salscheider <niels_ole at salscheider-online.de>

Catch the error case separately. Commit 19a9cd607d added length checking to
SizeClassInfo but re-used the return value of 0 for an error. A device without
classes (as is initialized by xf86-input-libinput for tablets) can
legitimately return 0 and erroneously triggers an error.
Fix this by using a separate value for the error.

Reproducible by calling XListInputDevices() with a tablet attached.

This fixes a regression introduced in commit 19a9cd607d.

Signed-off-by: Niels Ole Salscheider <niels_ole at salscheider-online.de>
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
Changes to v1:
- don't touch *size until we're sure.
- expand commit message

Niels:
I left you as author and your signed-off-by since it's essentially your
patch with a minor change.

 src/XListDev.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/src/XListDev.c b/src/XListDev.c
index f850cd0..e4bd3d5 100644
--- a/src/XListDev.c
+++ b/src/XListDev.c
@@ -73,27 +73,28 @@ static int pad_to_xid(int base_size)
     return ((base_size + padsize - 1)/padsize) * padsize;
 }
 
-static size_t
-SizeClassInfo(xAnyClassPtr *any, size_t len, int num_classes)
+static int
+SizeClassInfo(xAnyClassPtr *any, size_t len, int num_classes, size_t *size)
 {
-    int size = 0;
     int j;
+    size_t sz = 0;
+
     for (j = 0; j < num_classes; j++) {
         switch ((*any)->class) {
             case KeyClass:
-                size += pad_to_xid(sizeof(XKeyInfo));
+                sz += pad_to_xid(sizeof(XKeyInfo));
                 break;
             case ButtonClass:
-                size += pad_to_xid(sizeof(XButtonInfo));
+                sz += pad_to_xid(sizeof(XButtonInfo));
                 break;
             case ValuatorClass:
                 {
                     xValuatorInfoPtr v;
 
                     if (len < sizeof(v))
-                        return 0;
+                        return 1;
                     v = (xValuatorInfoPtr) *any;
-                    size += pad_to_xid(sizeof(XValuatorInfo) +
+                    sz += pad_to_xid(sizeof(XValuatorInfo) +
                         (v->num_axes * sizeof(XAxisInfo)));
                     break;
                 }
@@ -101,11 +102,13 @@ SizeClassInfo(xAnyClassPtr *any, size_t len, int num_classes)
                 break;
         }
         if ((*any)->length > len)
-            return 0;
+            return 1;
         *any = (xAnyClassPtr) ((char *)(*any) + (*any)->length);
     }
 
-    return size;
+    *size = sz;
+
+    return 0;
 }
 
 static void
@@ -220,8 +223,7 @@ XListInputDevices(
 	sav_any = any;
 	end = (char *)list + rlen;
 	for (i = 0; i < *ndevices; i++, list++) {
-            s = SizeClassInfo(&any, end - (char *)any, (int)list->num_classes);
-            if (!s)
+            if(SizeClassInfo(&any, end - (char *)any, (int)list->num_classes, &s))
                 goto out;
             size += s;
 	}
-- 
2.7.4

