Age | Commit message (Collapse) | Author |
|
XcursorLibraryLoadImages is unused, let's drop it.
Same as [1].
[1]: https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/206
Co-authored-by: Simon Ser <contact@emersion.fr>
|
|
The libXcursor fix for CVE-2013-2003 has never been imported into
wlroots, leaving it vulnerable to it.
Changing the argument type to an unsigned type is an effective merge of
Ilja Van Sprundel's commit in libXcursor.
Proof of Concept (compile with address sanitizer):
$ mkdir -p ~/.local/share/icons/poc/cursors
$ base64 -d <<< WGN1chAAAAAAAAAA/////w== > \
~/.local/share/icons/poc/cursors/poc
$ echo "seat seat0 xcursor_theme poc 10" > ~/poc-config
$ sway -c ~/poc-config
|
|
Since len <= strlen(elt) is known, we don't need a str*() function. Let's
simply do memcpy() to suppress linter false positive.
Fixes #2777.
|
|
This reverts commit 7dffe9339bf8a92a556098d86712c4c38ac95226, which introduced
another linter error with -O3:
error: ‘strncat’ specified bound 7 equals source length [-Werror=stringop-overflow=]
This makes sense because strncat(dest, "cursors", strlen("cursors")) is moot
in security point of view.
The next commit will replace strncpy() with memcpy(), so let's restore the
original implementation.
|
|
strncat appends '\0' automatically and avoids the stringop-truncation
warning/error
|
|
Fix false positive stringop-truncation warning/error with GCC 10 on s390x by indicating GCC to explicitly ignore this case, as it is clearly a false positive (NUL is set in the following line).
This allow the compilation to succeed with -Werror on.
Fixes: https://github.com/swaywm/wlroots/issues/2018
|
|
Without the casts the bytes accesses get converted to int. but int is
not guaranteed to be 4 bytes large. Even when it is 4 bytes large
`bytes[3] << 24` does not fit because int is signed.
|
|
This should match default XCURSORPATH, which is used by libwayland-cursor
and other xcursor loading libraries more closely.
|
|
Nowadays ~/.icons is not used anymore as the preferred location for custom
user icon themes; XDG_DATA_HOME/icons (aka ~/.local/share/icons) is what
toolkits like GTK prefer. Prepend that location to the default xcursor path, so
that cursor themes installed there can be used by apps and toolkits that use
libXcursor.
Port of https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/src?id=2263c196cb0dcb8547b378df7b35f83b8b99c01e
|
|
Port of https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/src?id=f64a8cc1a65dcad4294e2988b402a34175019663
|
|
It is possible to trigger heap overflows due to an integer overflow
while parsing images.
The integer overflow occurs because the chosen limit 0x10000 for
dimensions is too large for 32 bit systems, because each pixel takes
4 bytes. Properly chosen values allow an overflow which in turn will
lead to less allocated memory than needed for subsequent reads.
See also:
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
https://gitlab.freedesktop.org/wayland/wayland/commit/5d201df72f3d4f4cb8b8f75f980169b03507da38
|
|
|
|
|