Bug 2408

Summary: XStringToKeysym return cannot possibly be correct
Product: xorg
Reporter: Daniel Stone <daniel>
Component: Lib/Xlib
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: high
CC: Markus.Kuhn
Version: unspecified
Hardware: All
OS: All
Whiteboard:

Description Daniel Stone 2005-01-28 09:56:16 UTC
From XStringToKeysym (StrKeysym.c):
1.3          (kuhn     26-Sep-04):      if (val < 0x100)
1.3          (kuhn     26-Sep-04):          return val;
1.3          (kuhn     26-Sep-04):      if (val > 0x10ffff || val < 0x100)
1.2          (eich     23-Apr-04):          return NoSymbol;

I posit that, by virtue of defining < 0x100 to be a return of both val and
NoSymbol (though only the former ever gets reached, obviously), that this code
cannot possibly be correct in its current iteration.  Bradley, what's it
intended to be?
Comment 1 Daniel Stone 2005-01-28 09:57:07 UTC
s/Bradley/Markus/; I'm really, really sorry, but my mind is bleeding after
merging libX11 between the monolithic and modular trees at 0457.
Comment 2 Markus Kuhn 2005-01-28 10:39:15 UTC
Yes, there was a redundant Boolean term left. Cosmetic problem, fixed now in
1.4. Thanks for the report. I also cleaned up the entire boundary-case handling
a bit, to robustly prevent the Uxxxx notation from being abused to generate
non-Unicode or non-Latin-1 keysyms.

--- lib/X11/StrKeysym.c 26 Sep 2004 20:46:18 -0000      1.3
+++ lib/X11/StrKeysym.c 28 Jan 2005 18:31:31 -0000      1.4
@@ -134,16 +134,18 @@
        val = 0;
         for (p = &s[1]; *p; p++) {
             c = *p;
            if ('0' <= c && c <= '9') val = (val<<4)+c-'0';
            else if ('a' <= c && c <= 'f') val = (val<<4)+c-'a'+10;
            else if ('A' <= c && c <= 'F') val = (val<<4)+c-'A'+10;
            else return NoSymbol;
+           if (val > 0x10ffff)
+               return NoSymbol;
        }
+       if (val < 0x20 || (val > 0x7e && val < 0xa0))
+           return NoSymbol;
        if (val < 0x100)
            return val;
-       if (val > 0x10ffff || val < 0x100)
-           return NoSymbol;
         return val | 0x01000000;
     }
-    return (NoSymbol);
+    return NoSymbol;
 }
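Review bot: the range checks added after the loop still accept values in 0xd800..0xdfff, which fall through to `return val | 0x01000000;` even though surrogate code points are not Unicode scalar values. If the goal is to reject every non-Unicode Uxxxx input, consider adding a check for that range next to `if (val < 0x20 || (val > 0x7e && val < 0xa0))`. That new condition would also benefit from a short comment saying that 0x00..0x1f and 0x7f..0x9f are the control-character ranges being excluded, since the bare constants do not explain themselves. The in-loop `if (val > 0x10ffff)` test is well placed: it bounds val before the next `val<<4`, so a long hex string can no longer wrap around into an accepted value.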
Comment 3 Daniel Stone 2005-01-28 10:51:47 UTC
Wow, fastest bug closer in the west.  Thanks a lot dude, and sorry once again
about the name. :)
