Bug 68189

Summary: [CVE-2013-1997 5/15] breaks non-US keyboard layout in several Puppy Linux builds
Product: xorg
Reporter: petri.makinen.ruovesi
Component: Lib/Xlib
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED MOVED
QA Contact: Xorg Project Team <xorg-team>
Severity: major
Priority: medium
Version: 7.7 (2012.06)
Hardware: x86 (IA32)
OS: Linux (All)

Description petri.makinen.ruovesi 2013-08-16 15:00:02 UTC
The [CVE-2013-1997 5/15] commit breaks non-US keyboard layouts, causing the US layout to pop up. It happened after booting into X and launching the first application in X.
On the second launch the layout was restored to the expected one.

Link to the commit:
http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=fd7d4956bc7a1c4b5c38661b12777ebee4d685d9

The lines in the commit which cause the bug:
+ if (((unsigned short)rep->firstKeySym + rep->nKeySyms) > map->num_syms)
+ return BadLength;

The patch which fixes the non-US keyboard layout bug:

diff -Naur libX11-1.6.1ORIG/src/xkb/XKBGetMap.c libX11-1.6.1/src/xkb/XKBGetMap.c
--- libX11-1.6.1ORIG/src/xkb/XKBGetMap.c	2013-07-30 12:30:01.000000000 +0800
+++ libX11-1.6.1/src/xkb/XKBGetMap.c	2013-08-16 20:32:07.000000000 +0800
@@ -212,8 +212,9 @@
 	KeySym *		newSyms;
 	int			tmp;
 

-	if (((unsigned short)rep->firstKeySym + rep->nKeySyms) > map->num_syms)
-	    return BadLength;
+	//BK this was in 'CVE-2013-1997.patch', but it breaks non-US keyboard layout in Puppy Linux...
+	//if (((unsigned short)rep->firstKeySym + rep->nKeySyms) > map->num_syms)
+	//    return BadLength;
 	oldMap = &map->key_sym_map[rep->firstKeySym];
 	for (i=0;i<(int)rep->nKeySyms;i++,oldMap++) {
 	    newMap= (xkbSymMapWireDesc *)
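
Review bot: Commenting out the `firstKeySym + nKeySyms` range check at the top of this hunk leaves `oldMap = &map->key_sym_map[rep->firstKeySym];` and the loop over `rep->nKeySyms` that follows it with no validation of the values read from `rep`, so the check that the CVE-2013-1997 patch added is gone entirely. Rather than dropping it, correct the bound: the comparison is against `map->num_syms`, while the code below indexes `map->key_sym_map`, so the limit should be the number of entries in `key_sym_map` (its size is not visible in this hunk), keeping `return BadLength;` for replies that exceed it. The `//BK` comment should also record why the comparison rejects valid non-US maps, not only that it does.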

The bug has been verified in the libX11 versions of Ubuntu precise, Ubuntu raring, Debian wheezy and Debian sid.

The fix which has been verified to work is reverting to the original Ubuntu precise libX11 or applying the above patch.
Comment 1 GitLab Migration User 2018-08-10 20:10:32 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/lib/libx11/issues/29.
