Bug 12528

Summary: Server crashes when receiving high key codes from evdev
Product: xorg
Component: Server/General
Status: RESOLVED FIXED
Severity: critical
Priority: medium
Version: 7.3 (2007.09)
Hardware: x86-64 (AMD64)
OS: Linux (All)
Reporter: Jürg Billeter <j>
Assignee: Xorg Project Team <xorg-team>
QA Contact: Xorg Project Team <xorg-team>

Description Jürg Billeter 2007-09-23 01:36:22 UTC
I'm using xorg-server 1.4 with xf86-input-evdev master (with AllowEmptyInput and devices configured via HAL) on Linux x86_64. Pressing the "Zoom In" or the "Zoom Out" key on my keyboard crashes the server.

The KEY_ZOOMIN / KEY_ZOOMOUT linux input events have the keycodes 0x1a2 and 0x1a3, resp. I'd guess that the crash happens because of the high keycode used as array index in GetKeyboardValuatorEvents() without range check.

Backtrace:

0: /usr/bin/Xorg(xf86SigHandler+0x6a) [0x48b01a]
1: /lib/libc.so.6 [0x2b9414c72790]
2: /usr/bin/Xorg(GetKeyboardValuatorEvents+0x4c) [0x45b7dc]
3: /usr/bin/Xorg(GetKeyboardEvents+0x17) [0x45bae7]
4: /usr/bin/Xorg(xf86PostKeyboardEvent+0x63) [0x478e93]
5: /usr/lib/xorg/modules/input//evdev_drv.so [0x2b94191daf3a]
6: /usr/bin/Xorg [0x48b11f]
7: /usr/bin/Xorg [0x47050c]
8: /lib/libc.so.6 [0x2b9414c72790]
9: /lib/libc.so.6(__select+0x13) [0x2b9414cfbb43]
10: /usr/bin/Xorg(WaitForSomething+0x6db) [0x55be7b]
11: /usr/bin/Xorg(Dispatch+0x8b) [0x44bdcb]
12: /usr/bin/Xorg(main+0x47c) [0x4348cc]
13: /lib/libc.so.6(__libc_start_main+0xf4) [0x2b9414c5fac4]
14: /usr/bin/Xorg(FontFileCompleteXLFD+0x259) [0x433c09]

Comment 1 Daniel Stone 2007-09-23 02:43:40 UTC
fixed in master, will be dragged back to 1.4 -- thanks.
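
The kind of range check the description says is missing, as an added example; it is not code from the X server, the evdev driver, or the fix referred to above. It assumes core X keycodes span 8..255 and that the driver offsets Linux input codes by 8; every name in it (key_state, post_key_event, key_is_down) is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions for this sketch: core X keycodes occupy 8..255 and the
 * driver adds 8 to Linux input codes. All names are hypothetical. */
#define MIN_X_KEYCODE 8
#define MAX_X_KEYCODE 255
#define EVDEV_OFFSET  8

struct key_state {
    uint8_t down[(MAX_X_KEYCODE + 1) / 8]; /* one bit per X keycode */
    uint8_t canary[8];                     /* stands in for adjacent memory */
};

/* Returns 0 and updates the bitmap, or -1 if the code is out of range. */
int post_key_event(struct key_state *ks, unsigned int evdev_code, int is_down)
{
    unsigned int keycode = evdev_code + EVDEV_OFFSET;

    /* Without this check, keycode >> 3 would index past down[]. */
    if (keycode < MIN_X_KEYCODE || keycode > MAX_X_KEYCODE)
        return -1;

    if (is_down)
        ks->down[keycode >> 3] |= (uint8_t)(1u << (keycode & 7));
    else
        ks->down[keycode >> 3] &= (uint8_t)~(1u << (keycode & 7));
    return 0;
}

/* Reads one bit of key state; out-of-range keycodes report "not down". */
int key_is_down(const struct key_state *ks, unsigned int keycode)
{
    if (keycode > MAX_X_KEYCODE)
        return 0;
    return (ks->down[keycode >> 3] >> (keycode & 7)) & 1;
}

int main(void)
{
    struct key_state ks;
    /* Constructed inputs: KEY_A (30) and the two codes from the report. */
    unsigned int codes[] = { 30, 0x1a2, 0x1a3 };

    memset(&ks, 0, sizeof ks);
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++)
        printf("code 0x%x -> %s\n", codes[i],
               post_key_event(&ks, codes[i], 1) == 0 ? "accepted" : "dropped");
    return 0;
}
```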
