Bug 57022

Who is the local XKB expert?

The call to xcb_xkb_get_map_map() seems to be guilty. This function just returns a pointer past the given map_reply. Your sample code then casts this to (xcb_xkb_get_map_map_t *) which is a struct that contains pointers. Obviously, this cannot work.
However, I don't know how this is supposed to work (and the API docs suggest that this is indeed used correctly, the doxygen comment for xcb_xkb_get_map_map() says it returns a xcb_xkb_get_map_map_t *)

Created attachment 69950 [details]
Self-contained example that reproduces the crash

Out local XKB expert showed up: http://lists.freedesktop.org/archives/xcb/2012-November/007961.html

Attached is a diff and a new version of the sample program that actually works.

Created attachment 69951 [details] [review]
Fix for the earlier self-contained example which fixes the crash

Ok, Bugzilla only let's me attach a single attachment at once. So here is just the patch, that should be enough anyway.

Nice, too bad i didn't find your repository earlier.
________________________________
From: xcb-bounces+gatis.paeglis=digia.com@lists.freedesktop.org [xcb-bounces+gatis.paeglis=digia.com@lists.freedesktop.org] on behalf of Christoph Reimann [chrr@arcor.de]
Sent: Monday, November 12, 2012 6:31 PM
To: bugzilla-daemon@freedesktop.org
Cc: xcb@lists.freedesktop.org
Subject: Re: [Xcb] [Bug 57022] New: xkb crash when iterating xcb_xkb_get_map() data.

Hi, I don't have a running XCB version at the moment, but maybe this will help:
As far as I remember, there should be a call to xcb_xkb_get_map_map_unpack.
See below for a function from test code I wrote > two years ago [1].
Hope that helps,
Christoph

[1] http://cgit.freedesktop.org/~chr/check_xkb/tree/xkb_util.c

xcb_xkb_get_map_reply_t *
xcb_xkb_util_get_map(xcb_connection_t      *c,
             xcb_xkb_device_spec_t  device_spec,
             uint16_t               map_components,
             xcb_xkb_get_map_map_t *_aux,
             xcb_generic_error_t  **e) {
  xcb_xkb_get_map_cookie_t cookie;
  xcb_xkb_get_map_reply_t *reply;
  void *buffer;

  cookie =  xcb_xkb_get_map (c, device_spec, map_components,
                 0, /* partial */
                 0, /* firstType */
                 0, /* nTypes */
                 0, /* firstKeySym */
                 0, /* nKeySyms */
                 0, /* firstKeyAction */
                 0, /* nKeyActions */
                 0, /* firstKeyBehavior */
                 0, /* nKeyBehaviors */
                 0, /* virtualMods */
                 0, /* firstKeyExplicit */
                 0, /* nKeyExplicit */
                 0, /* firstModMapKey */
                 0, /* nModMapKeys */
                 0, /* firstVModMapKey */
                 0  /* nVModMapKeys */);

  reply = xcb_xkb_get_map_reply (c, cookie, e);

  if (!(*e)) {
    buffer = xcb_xkb_get_map_map(reply);
    xcb_xkb_get_map_map_unpack (buffer, reply->nTypes, reply->nKeySyms, reply->nKeyActions,
                reply->totalActions, reply->totalKeyBehaviors, reply->nVModMapKeys,
                reply->totalKeyExplicit, reply->totalModMapKeys, reply->totalVModMapKeys,
                reply->present, _aux);
  }

  return reply;
}


On 12 November 2012 18:01, <bugzilla-daemon@freedesktop.org<mailto:bugzilla-daemon@freedesktop.org>> wrote:
Priority        medium
Bug ID  57022<https://bugs.freedesktop.org/show_bug.cgi?id=57022>
Assignee        xcb@lists.freedesktop.org<mailto:xcb@lists.freedesktop.org>
Summary xkb crash when iterating xcb_xkb_get_map() data.
QA Contact      xcb@lists.freedesktop.org<mailto:xcb@lists.freedesktop.org>
Severity        normal
Classification  Unclassified
OS      All
Reporter        gatis.paeglis@digia.com<mailto:gatis.paeglis@digia.com>
Hardware        Other
Status  NEW
Version unspecified
Component       Library
Product XCB

Fallowing example always crashes when trying to read data returned from
xcb_xkb_get_map(). Tested with both real and virtual modifiers, unable to read
keycodes.

    xcb_xkb_get_map_cookie_t map_cookie;
    xcb_xkb_get_map_reply_t *map_reply;
    xcb_generic_error_t *map_error = 0;

    map_cookie = xcb_xkb_get_map(xcb_connection(),
                                 XCB_XKB_ID_USE_CORE_KBD,
                                 XCB_XKB_MAP_PART_VIRTUAL_MOD_MAP |
                                 XCB_XKB_MAP_PART_KEY_TYPES |
                                 XCB_XKB_MAP_PART_KEY_SYMS |
                                 XCB_XKB_MAP_PART_EXPLICIT_COMPONENTS |
                                 XCB_XKB_MAP_PART_KEY_ACTIONS |
                                 XCB_XKB_MAP_PART_KEY_BEHAVIORS |
                                 XCB_XKB_MAP_PART_VIRTUAL_MODS |
                                 XCB_XKB_MAP_PART_MODIFIER_MAP,
                                 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0); // hmm

    map_reply = xcb_xkb_get_map_reply(xcb_connection(), map_cookie,
&map_error);
    if (map_error) {
        free(map_error);
        return;
    }

    const xcb_xkb_get_map_map_t *map = (xcb_xkb_get_map_map_t
*)xcb_xkb_get_map_map(map_reply);


    xcb_xkb_key_v_mod_map_iterator_t iter =
xcb_xkb_get_map_map_vmodmap_rtrn_iterator(map_reply, map);
    xcb_keycode_t key = 0;
    while (iter.rem) {
        if (iter.data) {
            key = iter.data->keycode; // <----- CRASH
            xcb_xkb_key_v_mod_map_next(&iter);
        }
    }

________________________________
You are receiving this mail because:

  *   You are the QA Contact for the bug.
  *   You are the assignee for the bug.

_______________________________________________
Xcb mailing list
Xcb@lists.freedesktop.org<mailto:Xcb@lists.freedesktop.org>
http://lists.freedesktop.org/mailman/listinfo/xcb