Missing boundary-checks in XkbApplyMappingChange?

Magnus Vigerlöf Magnus.Vigerlof at home.se
Sat Nov 17 05:39:14 PST 2007


We (linuxwacom) got hit by a strange crash recently. As we want to be able to 
map some of the buttons on the tablet to key-presses/-releases for simple 
shortcuts we register a few keys with InitKeyClassDeviceStruct.

The driver has until now registered at most 32 keys (8-40) to be able to 
report these, but with Xorg7.3 (and master) we've seen a crash by simply 
running one of the following commands (and only when a wacom InputDevice is 
$ xmodmap -e 'keysym Alt_L = Meta_L Alt_L'
$ xmodmap -e "keysym BackSpace = Delete"

The stacktrace that is printed is always the following:

0: /home/wigge/.Xorg/bin/Xorg(xf86SigHandler+0x79) [0x80c9229]
1: [0xffffe420]
2: /home/wigge/.Xorg/bin/Xorg(XkbApplyMappingChange+0x1b9) [0x818da69]
3: /home/wigge/.Xorg/bin/Xorg(SendDeviceMappingNotify+0xe3) [0x8171ec3]
4: /home/wigge/.Xorg/bin/Xorg(ProcChangeKeyboardMapping+0x218) [0x8083af8]
5: /home/wigge/.Xorg/bin/Xorg [0x814eac3]
6: /home/wigge/.Xorg/bin/Xorg(Dispatch+0x2b3) [0x808bfa3]
7: /home/wigge/.Xorg/bin/Xorg(main+0x49a) [0x807307a]
8: /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc) [0xb7c4aebc]
9: /home/wigge/.Xorg/bin/Xorg(FontFileCompleteXLFD+0x225) [0x80723a1]

Fatal server error:
Caught signal 11.  Server aborting

By changing the number of registered keys to 512 I got rid of the crash, but I 
feel this is not the correct way of doing it. I suspect a missing boundary 
check in XkbApplyMappingChange here. Is it so, or are we not using the 
interface in the correct way?
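
Added example, not part of the original post and not X server code: a sketch of the kind of boundary check the post asks about, clamping a mapping-change range to the keycodes a device actually registered before indexing its table. The dev_keymap structure, the function names and MAP_WIDTH are hypothetical; whether XkbApplyMappingChange needs such a check is the question the post leaves open.

```c
#include <limits.h>
#include <stddef.h>

#define MAP_WIDTH 2   /* keysyms per keycode in this sketch (assumption) */

/* Hypothetical per-device key table; it only covers min_key..max_key. */
typedef struct {
    unsigned min_key, max_key;
    unsigned long *syms;   /* (max_key - min_key + 1) * MAP_WIDTH entries */
} dev_keymap;

/* Intersect the request [first, first+count-1] with the device's range.
 * Returns the number of overlapping keys; the first one is stored in *lo. */
static unsigned clamp_change(const dev_keymap *d, unsigned first,
                             unsigned count, unsigned *lo)
{
    if (count == 0 || first > d->max_key)
        return 0;
    /* first + count - 1, computed without unsigned wrap-around */
    unsigned last = (count - 1 > UINT_MAX - first) ? UINT_MAX
                                                   : first + count - 1;
    if (last < d->min_key)
        return 0;
    *lo = first < d->min_key ? d->min_key : first;
    unsigned hi = last > d->max_key ? d->max_key : last;
    return hi - *lo + 1;
}

/* Copy only the overlapping keys. new_syms holds count * MAP_WIDTH entries,
 * indexed from `first`. Returns how many keys were updated. */
static unsigned apply_mapping_change(dev_keymap *d, unsigned first,
                                     unsigned count, const unsigned long *new_syms)
{
    unsigned lo = 0;
    unsigned n = clamp_change(d, first, count, &lo);
    for (unsigned k = lo; k < lo + n; k++)
        for (unsigned w = 0; w < MAP_WIDTH; w++)
            d->syms[(size_t)(k - d->min_key) * MAP_WIDTH + w] =
                new_syms[(size_t)(k - first) * MAP_WIDTH + w];
    return n;
}

int main(void)
{
    /* Constructed device covering keycodes 8..40, the range named in the post. */
    unsigned long table[(40 - 8 + 1) * MAP_WIDTH] = {0};
    dev_keymap dev = { 8, 40, table };
    unsigned long one[MAP_WIDTH] = { 0xffe9, 0xffe7 };  /* constructed sample values */
    return apply_mapping_change(&dev, 64, 1, one) == 0 ? 0 : 1;  /* 64 is out of range */
}
```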

