Bug 3684

Summary: Corrupted data structure in uim-xim
Product: UIM
Reporter: Daniel Stone <daniel>
Component: bridge: XIM
Assignee: uim-bugs
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: high
Version: unspecified
Hardware: All
OS: Linux (All)

Description FreeDesktop Bugzilla Database Corruption Fix User 2005-07-01 21:37:41 UTC
Please see xim/compose.cpp at the top of XimIM::ParseComposeStringFile.

The first thing this method does is initialize the compose key mapping
tree with one root node. However it fails to initialize the keysym,
modifier, and modifier_mask fields of the structure. These get random
values according to whatever was in the memory that got allocated.

Unfortunately because of bad luck, on my system, the garbage value in
"keysym" is not always but sometimes actually a valid keysym. If I am
unlucky enough to press that particular key, uim-xim will crash because
Compose::handleKey will call m_xic->commit_string on a NULL string.

Actually I am not sure why ParseComposeStringFile creates a root node
to the structure at all, since parse_compose_line should take care of
creating it on demand. If I am correct about this then the following
patch should suffice. If I am mistaken about the usefulness of
creating the root node then the correct fix is rather to initialize the
three extra fields to sane values.

diff -r -u uim-0.4.7.OLD/xim/compose.cpp uim-0.4.7/xim/compose.cpp
--- uim-0.4.7.OLD/xim/compose.cpp	2005-06-05 10:52:42.000000000 -0400
+++ uim-0.4.7/xim/compose.cpp	2005-07-02 00:34:26.285018921 -0400
@@ -654,15 +654,6 @@
     char* tbp;
     struct stat st;
 
-    if (mTreeTop == NULL) {
-	mTreeTop = (DefTree *)malloc(sizeof(DefTree));
-	mTreeTop->succession = NULL;
-	mTreeTop->next = NULL;
-	mTreeTop->mb = NULL;
-	mTreeTop->utf8 = NULL;
-	mTreeTop->ks = NoSymbol;
-    }
-
     if (fstat(fileno(fp), &st) != -1) {
 	unsigned long size = (unsigned long)st.st_size;
 	if (size <= sizeof tb)
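Review bot: the removed block only ever set ks (the result keysym) to NoSymbol; keysym, modifier and modifier_mask were left as whatever malloc() returned, which matches the description's account of a garbage keysym occasionally equal to a real key. Deleting the block is correct only if every reader of mTreeTop (Compose::handleKey in particular) tolerates mTreeTop == NULL, since after this change the root is not allocated until parse_compose_line() sees its first entry; a Compose file with no valid lines would leave it NULL for the lifetime of the input context. If any caller dereferences mTreeTop unconditionally, the alternative fix the reporter mentions is the safer one: keep the allocation and add `mTreeTop->keysym = NoSymbol; mTreeTop->modifier = 0; mTreeTop->modifier_mask = 0;` (or allocate with calloc()). The unchecked malloc() return in the removed lines becomes moot with this patch.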

-Phil
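The allocation pattern the report describes, as an added example (C, not uim's code). The DefTree layout is modeled on the field names visible in the hunk and the description; the keysym constants (XK_a = 0x61, XK_e = 0x65, XK_dead_acute = 0xfe51) are from the X11 keysym tables, and the lookup and commit logic is a stand-in for uim's, not a copy of it. It shows the partial initialisation after malloc() side by side with a calloc()-based version, and a scenario in which a root node whose keysym happens to equal a real key matches a press but carries no string, which is the path the report says ends in commit_string on NULL.

```c
#include <stdlib.h>
#include <string.h>

typedef unsigned long KeySym;
#define NoSymbol 0UL

/* Minimal model of the compose tree node from the report. Field names follow the
 * hunk and the description; the order and types are an assumption. */
typedef struct DefTree {
    struct DefTree *next;        /* sibling at the same level */
    struct DefTree *succession;  /* children: next key in the sequence */
    unsigned modifier_mask;      /* modifier bits that must match */
    unsigned modifier;           /* required values of those bits */
    KeySym keysym;               /* key that advances into this node */
    char *mb;                    /* string to commit (multibyte) */
    char *utf8;                  /* string to commit (UTF-8) */
    KeySym ks;                   /* resulting keysym */
} DefTree;

/* The pattern the report objects to: member-by-member init after malloc() that
 * leaves keysym, modifier and modifier_mask as allocator garbage. */
DefTree *deftree_new_unsafe(void)
{
    DefTree *n = malloc(sizeof *n);
    if (!n) return NULL;
    n->succession = NULL;
    n->next = NULL;
    n->mb = NULL;
    n->utf8 = NULL;
    n->ks = NoSymbol;
    return n;
}

/* Hardened: calloc() zeroes every byte, then the "no key" sentinel is set
 * explicitly so the node can never match a real key press. */
DefTree *deftree_new(void)
{
    DefTree *n = calloc(1, sizeof *n);
    if (!n) return NULL;
    n->keysym = NoSymbol;
    n->ks = NoSymbol;
    return n;
}

static char *dup_string(const char *s)
{
    size_t len = strlen(s) + 1;
    char *d = malloc(len);
    if (d) memcpy(d, s, len);
    return d;
}

/* Add a child under parent for (keysym, modifier) with an optional commit string. */
DefTree *deftree_add(DefTree *parent, KeySym keysym, unsigned modifier,
                     unsigned modifier_mask, const char *mb)
{
    DefTree *n = deftree_new();
    if (!n) return NULL;
    n->keysym = keysym;
    n->modifier = modifier;
    n->modifier_mask = modifier_mask;
    n->mb = mb ? dup_string(mb) : NULL;
    n->next = parent->succession;
    parent->succession = n;
    return n;
}

/* Find the node at this level matching a key event, as a compose lookup would. */
DefTree *deftree_match(DefTree *level, KeySym keysym, unsigned state)
{
    for (DefTree *p = level; p; p = p->next)
        if (p->keysym == keysym && (state & p->modifier_mask) == p->modifier)
            return p;
    return NULL;
}

enum { KEY_NO_MATCH = -1, KEY_MATCH_NO_STRING = 0, KEY_COMMIT = 1 };

/* One key press against a level of the tree. KEY_MATCH_NO_STRING is the case a
 * caller must not forward to commit_string(). */
int handle_key(DefTree *level, KeySym keysym, unsigned state, const char **out)
{
    DefTree *hit = deftree_match(level, keysym, state);
    *out = NULL;
    if (!hit) return KEY_NO_MATCH;
    if (!hit->mb) return KEY_MATCH_NO_STRING;
    *out = hit->mb;
    return KEY_COMMIT;
}

/* Scenario 1: a properly initialised root never matches a key press. */
int scenario_hardened_root(void)
{
    const char *s;
    DefTree *root = deftree_new();
    int r = root && handle_key(root, 0x61, 0, &s) == KEY_NO_MATCH;
    free(root);
    return r;
}

/* Scenario 2: the failure mode from the report. 0x61 stands in for allocator
 * garbage that happens to equal XK_a; the match succeeds with no string. */
int scenario_garbage_keysym(void)
{
    const char *s;
    DefTree *root = deftree_new();
    if (!root) return 0;
    root->keysym = 0x61;
    int r = handle_key(root, 0x61, 0, &s) == KEY_MATCH_NO_STRING;
    free(root);
    return r;
}

/* Scenario 3: a constructed two-key sequence, dead_acute then e, commits "é". */
int scenario_sequence(void)
{
    const char *s;
    DefTree *root = deftree_new();
    DefTree *acute = root ? deftree_add(root, 0xfe51, 0, 0, NULL) : NULL;
    DefTree *e = acute ? deftree_add(acute, 0x65, 0, 0, "\xc3\xa9") : NULL;
    if (!e) return 0;
    int r = handle_key(root->succession, 0xfe51, 0, &s) == KEY_MATCH_NO_STRING
         && handle_key(acute->succession, 0x65, 0, &s) == KEY_COMMIT
         && strcmp(s, "\xc3\xa9") == 0;
    free(e->mb); free(e); free(acute); free(root);
    return r;
}
```

The second scenario is deterministic only because the garbage value is planted by hand; with deftree_new_unsafe() the outcome depends on what the allocator hands back, which is exactly why the report could only reproduce it "sometimes".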
Comment 1 Etsushi Kato 2005-07-02 00:11:07 UTC
> Actually I am not sure why ParseComposeStringFile creates a root node
> to the structure at all, since parse_compose_line should take care of
> creating it on demand. If I am correct about this then the following
> patch should suffice. If I am mistaken about the usefulness of
> creating the root node then the correct fix is rather to initialize the
> three extra fields to sane values.

Good catch!  As you noted, the root node is created in parse_compose_line() with
*top == NULL, so the initialization in XimIM::ParseComposeStringFile is redundant.

Cheers,
--
Etsushi kato
ekato@ees.hokudai.ac.jp
